English Pages 126 [127] Year 2021
Tatiana Gayvoronskaya Christoph Meinel
Blockchain Hype or Innovation
Tatiana Gayvoronskaya Hasso Plattner Institute for Digital Engineering gGmbH Potsdam, Germany
Christoph Meinel Hasso Plattner Institute for Digital Engineering gGmbH Potsdam, Germany
ISBN 978-3-030-61558-1 ISBN 978-3-030-61559-8 (eBook) https://doi.org/10.1007/978-3-030-61559-8 © Springer Nature Switzerland AG 2021 This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. This Springer imprint is published by the registered company Springer Nature Switzerland AG. The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
Preface
Is blockchain an “alien technology” or a new encryption algorithm to achieve the creation of digital currency that has been turned into hype for marketing reasons? Technically speaking, blockchain is presumably a highly complicated, non-transparent technology, something that only corporate giants with innovation labs can work with – at least that is what most people think. The confusion is understandable, as even today¹ the debate rages on as to the “correct” definition of blockchain technology. In 2016 and 2017, when the hype surrounding blockchain had reached its peak, numerous companies began to take part in the “blockchain experiment.” Each had its own visualization of blockchain. This meant that the hype surrounding blockchain technology not only served to spur on development but, at the same time, was the most common cause of failure. The planning and development phases of numerous projects were shortened dramatically, so that the product could be brought to the market as quickly as possible and thereby profit from the extensive hype. At the same time, many technical concepts and projects that had already existed before the appearance of blockchain technology (and had little to do with its innovation) could be sold more successfully under the blockchain name. That the strongly hyped blockchain technology was met with disappointment should therefore come as no surprise. Looking at a new technology realistically is the cornerstone of its success. This can only happen when the innovation is used correctly. In this book, we focus on the innovation of blockchain technology and the advantages this technology offers us when compared to existing solutions. Our goal is to provide a clear and comprehensive overview of blockchain technology and its possibilities, thereby helping you to form an opinion and draw your own conclusions. Right from the start, we would like to sharpen our focus on the main objective of blockchain technology.

To do this, we begin in the first chapter with the topic of decentralized networks, familiarizing ourselves with their challenges and using the example of an online trading platform. In succeeding chapters, we explain what blockchain technology is, where it comes from, and how it works. Before we take a closer look at technical questions, we will explore the necessary technical foundations. In this chapter, we examine individual approaches at the core of blockchain technology, and how they are composed. With the help of well-known examples, such as Bitcoin and Ethereum, we look at the architecture of blockchain technology and focus on the challenges facing it, such as those involving security and scalability. Subsequently, we discuss the options available when introducing blockchain technology. Among other things, we will target best-practice examples to get a better idea of what areas benefit from this technology. Numerous examples and detailed explanations will accompany you throughout this book. It is our hope that by the time you have reached the end, you will be able to decide for yourself what is truly innovative about the blockchain technology and what is nothing more than hype. This book builds on our Technical Report [25] and aims to provide a comprehensive overview of blockchain technology. In addition to the technical foundations, it aims to cover the big picture, from the idea of the Bitcoin system to the challenges facing blockchain technology and its alternatives. We would like to thank Mr. Matthias Bauer for his linguistic support in the writing of this book. We also wish to thank Dr. Sharon Therese Nemeth for the translation of this book from the German language edition.

¹ At the time this book was written.

Potsdam, Germany, August 2020
Tatiana Gayvoronskaya Christoph Meinel
Contents

1 Introduction ..... 1
  1.1 Trust ..... 2
  1.2 Resource Allocation and Administration ..... 3
2 What Is Hidden Behind the Term “Blockchain”? ..... 5
  2.1 Understanding Blockchain: A Simple Example ..... 6
  2.2 Bitcoin ..... 9
3 Technical Basics for a Better Understanding of Blockchain Technology ..... 15
  3.1 Cryptography ..... 15
    3.1.1 Digital Signatures and Hash Values ..... 16
    3.1.2 User Identification and Addresses ..... 18
  3.2 Exchange Among Equals ..... 20
    3.2.1 Obfuscation ..... 25
    3.2.2 Data Protection and Liability ..... 27
  3.3 Consensus Finding ..... 28
4 Where Does the Hype End, and Where Does the Innovation of Blockchain Technology Begin? ..... 35
  4.1 Traceability, Forgery Protection, Reliability ..... 36
    4.1.1 The Smallest Component in a Blockchain ..... 38
    4.1.2 Block and Chain ..... 42
    4.1.3 Updating the Blockchain ..... 46
    4.1.4 New Blockchains and Alternatives ..... 50
  4.2 Challenges of Blockchain Technology ..... 52
    4.2.1 Possible Attacks ..... 52
    4.2.2 Scalability ..... 56
5 The Right Use Leads to Success ..... 69
  5.1 The Application of an Existing Blockchain Solution ..... 71
    5.1.1 UTXO-Based Solution with Colored Coins ..... 71
    5.1.2 Account-Based Solution and Smart Contracts ..... 73
    5.1.3 Interoperable Blockchains ..... 75
  5.2 Implementation of a New, Unique Blockchain Solution ..... 78
6 Projects and Application Areas of Blockchain Technology ..... 79
  6.1 Financial Sector ..... 87
  6.2 Identity Management ..... 89
  6.3 Internet of Things ..... 91
  6.4 Energy ..... 93
  6.5 Logistics ..... 94
7 Summary ..... 97
A Byzantine Agreement Algorithm ..... 103
B Automatically Use TOR Hidden Services ..... 105
C Verifying the Transaction in the Bitcoin System ..... 107
D The Byzantine Generals Problem ..... 109
E Atomic Cross-Chain Trading ..... 111
F Ethereum Roadmap ..... 113
References ..... 115
Index ..... 125
Chapter 1
Introduction
Abstract It is very comfortable to have an intermediary, such as a bank, who is able to intervene in sensitive matters and can control money transfers and account access. Digital services like social networks, online trade or cloud storage likewise provide us with access to an online platform and act as an intermediary between us and other users, service providers or an infrastructure. We usually pay with our data for the online services we get for free. The dissolution of the mediator also means the dissolution, or division, of trust, management and resources among all users involved. Who then protects us if one of our communication partners turns out to be a fraud? Trust is a central issue in P2P networks. In this chapter, we would like to introduce you to the topic of decentralized networks and their challenges, using the example of an online trading platform.
An unexpected situation suddenly arises. When transferring a large sum of money, you entered an incorrect account number. Panic sets in – what should you do now? Probably the first thing that comes to mind is to report what has happened to your bank. As your bank regulates all your transactions, it can easily track everything that has transpired and, in your case, reverse the transaction in question. It is comfortable to have a mediator, such as a bank, who can intervene in such matters and control the money transfer as well as access to your account. At the same time, as we have already seen, the price of this comfort is the risk of your data becoming transparent and accessible to third parties. Continuing with the bank example, let us look at other online services, such as social networks, online trading or free cloud storage. The service provider makes an online platform available to us and acts as a mediator between us and other users, other service providers or an infrastructure. We usually pay with our data for services that we get online for free. With the advent of the new General Data Protection Regulation (GDPR, in German DSGVO), we expect service providers to tell us what happens to our data, for instance, to whom our data will be passed on. Trust in the mediator, in our case the service provider, is “high,” because we entrust it with our personal data. This concept is based on a kind of “network monarchy”: the so-called client-server model. The name already gives us a picture of how the model works: you (the client) can obtain specific services by making a request for the service (at its server). A dissolution of the mediator necessarily means the dissolution or the division of trust, management and resources among all parties involved. The consequence is a so-called network democracy, also known as a decentralized network or peer-to-peer (P2P) model. In such a network model, the parties involved take the place of the intermediary, in our case the service provider. This means that all parties who interact with each other in the framework of a service (e.g., you and the one to whom you want to transfer a sum of money) are simultaneously service users and service providers. The question then arises as to who is now responsible for the smooth working of the service. For example, what if the party to whom you address the transfer is a new IT provider from abroad, whom you selected based on good Internet reviews, but with whom you have had no contact up to now? To put it bluntly, you don’t really trust the other party. So, who will protect you if there is a scammer hiding behind the mask of the IT service provider?

© Springer Nature Switzerland AG 2021 T. Gayvoronskaya, C. Meinel, Blockchain, https://doi.org/10.1007/978-3-030-61559-8_1
1.1 Trust

Trust is a central issue in P2P networks. Without a so-called trusted third party, the users of a service are forced either to trust each other or to trust the system offering the service. This situation can be handled in different ways. Building mutual trust could mean making use of the service dependent on certain conditions; for instance, you and your communication partner could carry out a video identification process in which you disclose your private information. This is, however, time consuming and does not offer protection from fraud. Another option is to build a trust network. For example, you are convinced of the professional competence of a colleague and therefore feel certain that the service provider he recommends will fulfill its promise. In this case, your participation in the system and the use of the service are similarly subject to conditions – you must have someone in the system whom you trust and who trusts you. Another way to build trust between parties in a decentralized system is to engage in a mutual evaluation of the behavior of all participants. In such a reputation-based system, participants can simply join or leave the system at will, since their participation is not subject to any conditions (permissionless system). An example of a reputation-based system is the trading platform eBay. However, to eliminate the opportunity for malicious users to give other users false ratings, a decentralized system of this kind must be subject to further restrictions.
1.2 Resource Allocation and Administration

Let us continue with the example of the online trading platform. The only difference now is that we do not have a central authority through which all queries go and to whom we can report a malicious user. We now want to use a decentralized system in which users do not trust each other because they do not know each other. Furthermore, they do not have to fulfill any conditions (permissionless system) to join the system and use the service other than installing the app. In this case, it would help us if certain system rules were in place that all users had to follow. At the same time, it would be wrong to assume that all users act rationally and follow the set rules strictly. For this reason, we would like to use the best-known behavior control measures – reward and punishment. In practice, this means that all users in our system are rewarded if they follow the set rules, just as they are punished if they violate them. If the punishment is not a sufficient deterrent, malicious users will still try to get around the rules and manipulate our online trading platform. For example, for such a user it is more worthwhile to sell one expensive TV multiple times, have his account blocked when found out, and then establish a new account, than to get a reward for being “honest” that is worth half the price of the TV. Since all users in our system are at the same time service providers, all follow the same rules and have the same rights, all the resources (data on the products, communications, transactions, etc.) are distributed to all users, verified by each user and then saved. If such a malicious user sells the same product multiple times¹ and the information on every sale (more specifically, the transaction) is spread to all other users, they will identify the fraud.

However, if the malicious user floods our online trading platform with numerous false identities (also known as a Sybil attack), it will be hard for honest users to establish the truth. In this case it is important that honest users make up the majority. How large the majority must be was a question that had already occupied scientists in the 1980s, as seen in the work by Leslie Lamport, Robert Shostak and Marshall Pease [19]. These scientists described a tolerable ratio of malicious users to honest users in a decentralized system. The problem of finding a consensus in a decentralized network (i.e., reaching an agreement in spite of the contradictory information/statements of malicious and honest users) has become known as the “Byzantine Generals Problem” (see Sect. 3.3). The more malicious users a decentralized system is able to tolerate, the more robust it must be. Historically speaking, such systems have been linked to a number of conditions (permissioned systems), for example that the number of system users and/or their identities are generally known. In decentralized systems such as the Internet, such conditions would be inefficient as well as nearly impossible to fulfill. In contrast, the Nakamoto consensus mechanism, which is anchored in blockchain technology and was used for the first time in the Bitcoin system, also works in networks that do not place restrictions on the number of system users or on identifying them (permissionless system). This means that users are free to join and leave the network as they choose [24]. In fact, the Nakamoto blockchain protocol is explicitly designed to work in a network with message delays, and is in fact used in just such a network (the Internet) [28]. This protocol contains several rules/algorithms that ensure the security of blockchain technology against manipulation. With this book, we would like to help you form your own opinion about blockchain technology and thus be able to distinguish between what is truly innovative about blockchain technology and what is nothing more than hype.

¹ Also known as double spending.
Chapter 2
What Is Hidden Behind the Term “Blockchain”?
Abstract We now know about the basic challenges facing the secure use of decentralized systems, and, by way of an example, have seen what has made blockchain technology possible. Before we dive deeper into the subject matter, we will attempt to gain a better understanding of blockchain technology by way of a previous example. We also want to draw a demarcation line between the terms Bitcoin and Blockchain.
2008 is considered to be the year of blockchain technology’s birth. Satoshi Nakamoto laid the cornerstone for blockchain technology in November 2008 with the publication of “Bitcoin: A Peer-to-Peer Electronic Cash System.” And already in January 2009, he published the first version of the Bitcoin open-source software. The identity of Satoshi Nakamoto remains a mystery. The name has long been suspected to be a pseudonym behind which a group of developers is hiding. In 2008, the Bitcoin system was intended to revolutionize the financial sector – hard hit by the financial crisis – and to offer a third-party independent, digital payment system. The cryptocurrency called bitcoin was created as a digital currency based on a decentralized and cryptographically secured system of payment.

“What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party” [26]. – Satoshi Nakamoto
The idea of a secure decentralized payment system already existed before Bitcoin came along. However, none of the proposed approaches could prevail, due to errors either in the concept or because of problems with security.¹ The blockchain technology on which the Bitcoin system is based, on the other hand, enables a robust and secure decentralized system, without any preconditions placed on the number of system users or their identification.² Simultaneous protection is provided against Sybil and double-spending attacks [28]. The terms Blockchain and Bitcoin are often incorrectly used as synonyms, whereas Blockchain is a technology and Bitcoin a concrete system that uses blockchain technology for digital payment processing. Because the implementation of the Bitcoin concept is open source, it is possible for anyone to use the code for their own blockchain application and to adapt it accordingly. The term blockchain first came into being following the creation of new bitcoin-like projects, when it was necessary to make a conceptual distinction between these and the already existing Bitcoin system. In later years, other terms have become prevalent, such as distributed ledger technology, which refers to the most widespread use case of the blockchain technology: the so-called decentralized “registry” [24]. In the meantime, numerous projects have arisen that are based on blockchain technology and offer a large variety of services and products. Thus, the implementation of blockchain technology is not just limited to the area of cryptocurrency or decentralized registry; the technology is used to a great extent as a programmable, decentralized trust infrastructure [192] – so-called Blockchain 2.0 (see Sect. 4.1.1). This is based on a further development of the original concept of blockchain technology, which now offers not only a robust and secure decentralized system for value exchange or logging³ (registry), but also enables digital autonomous contracts (so-called smart contracts). So what is behind this new registry or trust infrastructure, and how can we use it in concrete terms? Is it a magic bullet for our problems or just a new, unnecessarily complicated web of computer science that the media have discovered for themselves and turned into hype?

¹ Such as the problem of double spending the same money (double spending problem – this would be as if a banknote were copied and then issued/spent in duplicate form) and lack of security to protect against a Sybil attack (in such an attack a malicious user assumes any number of false identities), etc.
² Users are free to join and leave the network as they choose (permissionless system).
³ Information logging.

© Springer Nature Switzerland AG 2021 T. Gayvoronskaya, C. Meinel, Blockchain, https://doi.org/10.1007/978-3-030-61559-8_2

2.1 Understanding Blockchain: A Simple Example

Let us consider blockchain technology using the example of the decentralized online trading platform that was previously described. In this instance we already have a decentralized system with numerous users spread all over the globe. The users neither know each other nor do they trust each other. Our users do not have to meet any conditions to join the system. To use the system, they only need to install the corresponding app. Since all users of our system are simultaneously service providers, and all have the same rights, all resources⁴ and the administration⁵ of the system are allocated to every user. These are available to users via the app. To put it more precisely, besides containing all rules and functions, every app also has a database with a copy of all resources. For example, the sales advertisement you have just created is sent to all users in the system and stored in the database of each user. In this way, all the users’ apps communicate together. They all exchange data, check the data they receive and save it. Because of varying network delays, the data reaches different users on the Internet at different times. As we do not have a centralized service that records and manages the incoming data, we need an administration mechanism. It must include a tamper-proof time stamping service to ensure the correct and uniform order of information included in the system for all users. The following example gives us an illustration of this.

⁴ Data on the products, communication, transactions, etc.
⁵ Fixed regulations, verification of resources, establishing and managing of communication, etc.
Let’s assume you sold your TV on our online trading platform. Your app creates a transaction with the sales data (e.g., sales object, buyer, price) and sends it to all users on your address list. The apps of these users verify the transaction sent from your app based on fixed rules. A copy of the transaction is also saved and forwarded to all users in their address books. In this way, your transaction spreads throughout the entire system. The buyer of your TV receives the transaction from one of the users who had his address in the address list. He carries out the same procedure in handling the transaction: verify, save, and forward. During verification, the buyer’s app determines that the transaction is addressed to him and displays the contents of the transaction to the buyer in the user interface. Shortly after the purchase, the buyer of your TV decides to resell the TV. When he has found a buyer, he creates a new transaction and sends it out. Let us assume that your transaction has not yet spread throughout the whole network and a user receives the second transaction first. In this case, his app will reject the second transaction during verification as wrong, because according to the information stored in the system (the information in his app) the TV still belongs to you.
Blockchain technology uses cryptographic linking and a connection of contents (linked time stamping) in order to determine for all users the correct and uniform order of all the information included in the system. Because a decentralized system whose users are not bound to certain conditions can also attract dishonest/malicious users, the connection of contents is combined with a computationally complex task. Blockchain technology assumes that in a system without conditions of participation (where malicious users can generate many false identities) the majority of computing power is in the hands of honest users, not that the majority of users are honest. In this way, the robustness of blockchain technology is guaranteed [28]. Each user can thus provide a timestamp and thereby store the contents in a uniform sequence and spread it throughout the system. A reward serves as a motivation for users to perform a computationally demanding task and thus to ensure the security of the system. This means that every user of our service is able to get a reward if he cryptographically links copies of the content distributed in the system and saved in his app (e.g., ads, transactions, etc.). Our system would be far too slow if, every time new content arrived, our users had to solve a computationally complex task and cryptographically link all contents individually with each other. To make the process more efficient, our user will first merge multiple contents⁶ into a list of a specified size (Bitcoin 1 MB, Ethereum⁷ approx. 27 kB) and create a cryptographic “fingerprint” of the list (Merkle root⁸). The fingerprint, along with other metadata,⁹ the solution to the computationally complex cryptographic task and the “link” to the existing content,¹⁰ will be compiled in a list header. The list of the contents together with the additional information (list header) is called the Block in blockchain technology, and the list header correspondingly the Block Header. The link to the already existing contents is nothing more than a cryptographic “fingerprint” of the block header of the previous block. After a block is created, it is distributed to all users like the other content. Each user verifies the block it has received, adds its copy after the last block in its database and forwards it to the other users. Consequently, an ordered chain of blocks is formed – and thus the term Blockchain was born. The content that has already been included in a new block is deleted from the buffer (memory pool) and remains saved in block form in the users’ databases. Since we have a decentralized system, it can happen that several users simultaneously solve the computationally complex cryptographic task and each create and distribute a new block with the same contents.

If these blocks comply with all rules and refer to the same last block, it is possible that the chain will branch. This branching is also known as a fork. The solution for this is at the same time the most important rule in a blockchain-based system: “The longest chain is valid, because the workload there is correspondingly higher.” This rule is also called the Nakamoto consensus (more in Sect. 3.3). Due to network delay, blocks take different amounts of time to spread. This means that a user who wants to create a new block will link it to the block that he received first. The reward is paid out only to the user whose block is in the longest chain. Thus, after a time, only a single chain will prevail. The shorter chain is ignored; its blocks are called orphan blocks (see Fig. 4.6). However, the information contained¹¹ therein does not expire. What is not yet contained in the valid blocks will be saved in the buffer (memory pool) of the user.

⁶ Information, values.
⁷ May 2020.
⁸ More in Sect. 4.1.1.
⁹ More in Sect. 4.1.2.
¹⁰ Information, values that have already been stored in the database of the app.
¹¹ In the Bitcoin system, values in the form of transactions.
Thanks to cryptographically linked time stamping and the computationally intensive cryptographic task, the plan of the malicious user to pocket the money for his television several times over will not succeed easily. In each of his fraudulent transactions, he assigns the same object (a television with a certain identification number) to a new owner/recipient, confirms the transaction with his signature and sends it to other users. Only one of the transactions will be included in a new block (the one that first arrived at the user who created the block). The others are declared void. But if the malicious user had more computing power than all of the other users put together, he would be able to monopolize the creation of new blocks and in this way enforce his own blockchain as the longest chain. This approach is also known as the 51 percent attack. In this case, the malicious user can create a second transaction with the same product (the television that has already been sold to a user) and a new buyer. First, he waits until his first transaction has been included in a valid block and he has received the money for the sale. Then, the malicious user creates a new block containing the second transaction, and he distributes it throughout the network. In this case, it is important that the previous block of the first and the second transaction is the same. This creates a branching effect in the current, valid chain – a so-called fork. The malicious user must enforce¹² the new chain until it is longer than the other chain, and he subsequently receives money for his second transaction as well.

¹² By creating new blocks for it.
Such an attack would be nearly impossible in the Bitcoin system, as the level of difficulty of the cryptographic task is very high in comparison to other blockchain-based systems and consequently requires an enormous energy expenditure (see Sects. 3.3 and 4.1.3). How these topics are related will be examined in the next chapters. Before we turn to the technical foundations of blockchain technology, we will take a brief look at the first blockchain application: the Bitcoin system.
2.2 Bitcoin

The term Bitcoin is associated with the first application of the blockchain technology – that is, a decentralized and cryptographically secured payment system.
2 What Is Hidden Behind the Term “Blockchain”?
Instead of using a so-called fiat currency,13 a digital currency is used, a so-called cryptocurrency named bitcoin (BTC14). The blockchain technology, upon which the Bitcoin system is based, enables a robust, decentralized system without any requirements regarding the number of system users or their identification.15 All users are simultaneously service providers. They have the same rights and the same copy of the database (public blockchain – more information can be found in Sect. 4.1.4). This database can be compared to a public register or land register, made up of ordered and unchangeable entries that are updated by all users consistently based on a consensus (the longest chain is valid and represents more effort16). In the Bitcoin system, for example, these registry entries represent transactions [28]. In the transactions, Bitcoin values (bitcoins) are transmitted between different addresses (comparable to a bank account number) or, more specifically, the addresses in the transactions are renewed/overwritten. Blockchain technology is often called the “Internet of Value” because in most applications the focus is essentially on the decentralized logging of the ownership of certain values, that is, when a value was owned and by whom. In addition to cryptocurrencies, these values can represent securities, a rented apartment that changes its tenants, a kilowatt hour of solar power that is traded between neighbors, or the authorization to unlock an office door, which are then recorded in the blockchain “register.” Since the database is public, in the Bitcoin system, for example, information about who received how many bitcoins from whom becomes public knowledge, as does the “account balance,” and all the transactions from an address17 are traceable [52].
While the disclosure of all information helps to guarantee the security of the system (everyone is allowed to verify all contents) and better scalability in relation to the number of system users (everyone can join or leave the system at will), it impairs the privacy of the users. In order to disguise the identity of the users, many blockchain applications, including Bitcoin, use pseudonyms – so-called user addresses, comparable to a bank account number – which are difficult to trace back to the end user (see Sects. 3.1.2 and 4.2). Besides pseudonyms, further concealment tactics are available for the Bitcoin system, for example:
• Use of the anonymous network TOR [183] for concealment of IP addresses,
• Anonymous mixing services (also called tumblers), which are intended to conceal the receiver of the transaction. The bitcoins to be transferred are divided into several parts and sent to multiple addresses suggested by the mixing service provider. Subsequently, the same number of new bitcoins is sent from these addresses to the actual recipient. This service naturally requires the trust of the user and is not legal in every country.
Like many other currencies, bitcoins can be bought and traded for a fee via platforms on the Internet, for example through CoinBase, BitPay or AnycoinDirect. Because the demand for bitcoins fluctuates strongly, so does the price. In the past, the price has changed by up to 25 percent within a single week. In recent years, the bitcoin rate has set new records. In December 2017, the value of a bitcoin (BTC) stood at EUR 16,000 for a short time, but fell to EUR 5,500 at the beginning of February 2018. In January 2019, a bitcoin cost approx. EUR 3,000 and in January 2020 the bitcoin rate exceeded the EUR 7,000 threshold. The Bitcoin system ensures a constant inflow of new bitcoins. These are distributed as a reward, in the context of block creation, to the users who create blocks. In 2013, 8 million bitcoins were already in circulation, and in June 2019 nearly 18 million. The upper limit of 21 million bitcoins, set by Satoshi Nakamoto in the Bitcoin architecture, will be 99 percent reached in 2032 [39]. Endless inflation is prevented by this defined upper limit of existing bitcoins [61].

13 Fiat currency, or fiat money, is money that is not covered by any assets. The money is used as a medium of exchange, but has no intrinsic value. Today’s currency systems are usually not covered by a commodity. For example, money issued by a central bank, such as euros or dollars, is called fiat money.
14 BTC is the abbreviation of the Bitcoin currency. Bitcoin has several decimal metric units. For example, 0.1 BTC is a deci-bitcoin (dBTC), 0.01 BTC is a centi-bitcoin (cBTC), 0.001 BTC is a milli-bitcoin (mBTC), 0.000001 BTC is a micro-bitcoin (µBTC) and 0.00000001 BTC a Satoshi – the smallest possible unit.
15 Users are free to join and leave the network at will (permissionless system).
16 A computationally-intensive cryptographic task for each block in the chain.
17 Comparable to a bank account number; more in Sect. 3.1.2.
In order to manage (transfer, receive, and store) bitcoins, the user needs a Bitcoin “wallet.” Mobile, desktop and web applications are available for the wallet. There are also physical Bitcoin wallets, such as hardware and paper wallets18 (Figs. 2.1 and 2.2). Cryptocurrency wallets analyze the blockchain and then, to give the user a better overview, display the user’s incoming and outgoing transactions and current balance. The Bitcoin currency is already accepted by many companies as a means of payment – from IT service providers to companies in the gastronomy sector (see Figs. 2.3 and 2.4). After this brief overview of blockchain technology and the Bitcoin system, we will delve deeper into the subject matter in the following chapters. To do this, let’s first look at the basics necessary to understand blockchain technology.
18 More on the subject of the hardware wallet can be found in Sect. 4.2.
Fig. 2.1 Hardware wallet Trezor One [186]
Fig. 2.2 Hardware wallet Ledger Nano X [151]
Fig. 2.3 Spread of the Bitcoin currency worldwide [99]
Fig. 2.4 Spread of the Bitcoin currency in Europe [99]
Chapter 3
Technical Basics for a Better Understanding of Blockchain Technology
Abstract The context for the subject of blockchain has now been established. Some readers may not have a technical background that allows for a complete understanding of the entire mechanism of blockchain technology. In this chapter, we would like to take a closer look at the individual approaches that make up blockchain technology and how they are composed.
The innovation of blockchain technology should neither be understood as a new encryption algorithm nor an “alien technology,” but instead as a successful combination of already existing technological approaches, such as cryptography, decentralized networks, and consensus finding models. In the following chapters we will look in more detail at these individual approaches and how they come together in blockchain technology.
3.1 Cryptography

The term cryptography comes from ancient Greek and means “secret writing” [147]. But it also describes the science that deals with the security of messages (encryption, decryption, checksums, etc.). The classic task of cryptography is to make a message incomprehensible to outsiders [3]. In the course of its long history,1 several approaches have been established in the field of cryptography. One of the most important developments in cryptography is Kerckhoffs’s principle, which describes the shift from the secrecy of the algorithm to the secrecy of the key.

“The security of a cryptographic procedure is based solely on the secrecy of the key.” – Kerckhoffs’s principle [10, 16]
1 Cryptography was already in use in ancient Egypt 3,000 years before the beginning of our calendar era [147].
© Springer Nature Switzerland AG 2021 T. Gayvoronskaya, C. Meinel, Blockchain, https://doi.org/10.1007/978-3-030-61559-8_3
In this way, an encryption procedure can be made public, examined for weaknesses by experts worldwide, and improved. Kerckhoffs’s principle applies to the so-called symmetric-key algorithms (AES, DES, IDEA). In these, a message is encrypted and decrypted using the same key. This means that the sender as well as the recipient must have the key. The problem is that the key must be kept secure and, at the same time, must be exchanged in a secure way between the communication partners. This gets even more complicated if we want to have multiple encrypted communications, since we would then need a different key for each. The asymmetric-key algorithm stands in contrast to this procedure. Also known as asymmetric cryptography or public-key cryptography, it relies on a key pair – a key available to the public for encryption and a secret key for decryption. In blockchain technology, digital signatures from public-key cryptography and cryptographic hash functions from the checksum technique are used.
3.1.1 Digital Signatures and Hash Values

The basic idea in public-key cryptography is that all participants who engage in encrypted communication each have their own pair of keys, instead of a common secret key, for encrypting and decrypting messages. Each participant has a secret key, also called a private key, and a public key. The public key is freely available to all communication partners. The secret key must – as the name suggests – remain secret and is used to decrypt and sign messages.
Let us consider an example with two interaction partners who we shall call Alice and Bob. Alice wants to send a message to Bob. Alice encrypts the message with Bob’s public key before sending it. Only Bob is able to decrypt the message with his private key (Fig. 3.1) [11].
A digital signature is a number or a sequence of bits that is calculated from a message using the public-key procedure and whose authorship and affiliation with the message can be checked by anyone [12].
By signing the message, Alice confirms that it has actually come from her (she uses her private key to do this). Bob can confirm this by verifying Alice’s signature using Alice’s public key (Fig. 3.2).
Fig. 3.1 Public-key cryptography (figure: Bob announces his public key; the message “Hello Bob!” is encrypted with it and decrypted by Bob with his private key back into “Hello Bob!”)

Fig. 3.2 Digitally signing and verifying a message (figure: the message “Hello Bob!” passes through a hash function and a signing function; after the announcement of a public key the signed message is sent and its signature is verified)
Hash functions are one-way functions. This means that the mathematical calculation is simple in one direction2 but very difficult in the opposite direction,3 if not practically impossible [11]. A hash function converts data of arbitrary length into a fixed-length value, conventionally written as a hexadecimal string. The hash value consists of combinations of the digits 0 to 9 and the letters A to F (standing in for the hexadecimal digits 10 to 15). This procedure makes it possible to identify a message relatively unambiguously4 and easily, without revealing the message contents. For this reason, the hash value is often called a fingerprint. The most common hash function used in blockchain technology is SHA-256 (Secure Hash Algorithm), where 256 indicates the length of the hash value in bits. Even the smallest change to the message results in a completely different hash value. The following example shows how strongly the SHA-256 hash values differ for variations of the name Alice:
• Alice 3bc51062973c458d5a6f2d8d64a023246354ad7e064b1e4e009ec8a0699a3043
• Alice1 9d328d8b7ac56e1f71ce94ed3c7975d63c8b6f1a54d5186de8881cf27dd8b3a9
• alice 2bd806c97f0e00af1a1fc3328fa763a9269723c8db8fac4f93af71db186d6e90
In blockchain technology, digital signatures are used to confirm that transactions originate from the owner of the values being transferred. Since hash values allow a relatively unambiguous and simple identification of the data, they are used as references in blockchain technology. For example, in the third Bitcoin block we find a reference to the second block. This reference is the SHA-256 hash value of the second block and looks like this: 000000006a625f06636b8bb6ac7b960a8d03705d1ace08b1a19da3fdcc99ddbd. Not only is an unambiguous identification and referencing of the blocks possible through this procedure, but it also ensures that the block contents are protected against manipulation.
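The hash-linked block references described here, together with the fork and longest-chain rule from Sect. 2, can be tried out in a few lines. The following Python example is added here and is not the book’s code; the block layout, the toy difficulty and the sample transactions are constructed for the illustration.

```python
"""Hash-linked blocks, tamper detection and the longest-chain rule.

Added illustration (not code from the book): each block carries the
SHA-256 hash of its predecessor, the way the third Bitcoin block
references the second. The block layout and the sample transactions
are constructed for the example; the proof-of-work difficulty is a
toy value so that the example runs in milliseconds.
"""
import hashlib
import json
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    """Hex-encoded SHA-256 fingerprint, as shown for 'Alice' in the text."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Block:
    prev_hash: str            # reference: SHA-256 hash of the previous block
    transactions: list[str]   # constructed sample transactions
    nonce: int = 0

    def header_bytes(self) -> bytes:
        # Canonical serialization so every node hashes exactly the same bytes.
        return json.dumps(
            {"prev": self.prev_hash, "txs": self.transactions, "nonce": self.nonce},
            sort_keys=True,
        ).encode()

    def hash(self) -> str:
        return sha256_hex(self.header_bytes())


GENESIS_PREV = "0" * 64
DIFFICULTY = 2   # toy difficulty: the block hash must start with this many hex zeros


def mine_block(prev_hash: str, transactions: list[str]) -> Block:
    """Search for a nonce so that the block hash meets the toy difficulty.

    This is the 'computationally intensive cryptographic task' of the text,
    scaled down for the example.
    """
    block = Block(prev_hash, transactions)
    while not block.hash().startswith("0" * DIFFICULTY):
        block.nonce += 1
    return block


def verify_chain(chain: list[Block]) -> bool:
    """Check the predecessor link and the proof of work of every block."""
    expected_prev = GENESIS_PREV
    for block in chain:
        if block.prev_hash != expected_prev:
            return False        # link to the predecessor is broken
        digest = block.hash()
        if not digest.startswith("0" * DIFFICULTY):
            return False        # contents changed: proof of work no longer holds
        expected_prev = digest
    return True


def select_chain(candidates: list[list[Block]]) -> list[Block]:
    """Nakamoto rule from the text: among the valid chains the longest wins.

    Invalid branches are discarded; on a tie the first candidate is kept,
    mirroring a node that extends the block it received first.
    """
    valid = [chain for chain in candidates if verify_chain(chain)]
    if not valid:
        raise ValueError("no valid chain among the candidates")
    return max(valid, key=len)


def build_chain(tx_batches: list[list[str]]) -> list[Block]:
    """Mine one block per batch of transactions, each linked to the last."""
    chain: list[Block] = []
    prev = GENESIS_PREV
    for txs in tx_batches:
        block = mine_block(prev, txs)
        chain.append(block)
        prev = block.hash()
    return chain


if __name__ == "__main__":
    # Constructed sample: the television sale from the text.
    chain = build_chain([["alice->bob: TV#4711"], ["bob->carol: 2 BTC"]])
    print("valid:", verify_chain(chain))
    # Rewriting block 0 changes its hash, so block 1's reference no longer matches.
    chain[0].transactions[0] = "alice->dave: TV#4711"
    print("after tampering:", verify_chain(chain))
```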
3.1.2 User Identification and Addresses

For the purpose of user identification, special pseudonyms are used in many blockchain applications. The pseudonyms are used simultaneously in many blockchain applications as “account numbers.” They are therefore also called addresses (e.g., Bitcoin addresses). Originally, in the Bitcoin system it was possible to send bitcoins to IP addresses [69]. However, this also opened up opportunities for attack. In order to credit a user with a Bitcoin value, cryptographic methods are used exclusively in the creation of addresses. To make this possible, a cryptographic key pair is generated on the user’s side.5 The private key is used for signing transactions6 (confirmation of ownership) and the public key is used for generating addresses. The key pair is generated in the Bitcoin system, as in many other cryptocurrencies (e.g., Litecoin, Dogecoin, etc. [69]), with the ECDSA public-key procedure (Elliptic Curve Digital Signature Algorithm) based on elliptic curves.7 First the private key is generated, which is a random number. The public key is derived from the private key and then “hashed.”8 In the end, the address is a 160-bit alphanumeric value (e.g., 16UpLN9Risc3QfPqBMvKofHfUB7wKtjvS). This is why such addresses are also called a “Pay To Public Key Hash Address” or a P2PKH address (see Fig. 3.3). Some blockchain applications offer so-called multi-signature addresses. Several private keys are generated for this purpose [55] with the intention of increasing security. The recipient, who has received assets, must own all of the necessary private keys in order to use the assets that he has received. In a company that accepts bitcoins, multi-signature addresses can, for example, be used to confirm the expenditures of individual employees after approval by the controlling department. In this case, both the employee and the controller each have their own private key for one shared Bitcoin address [63]. Since generally all information (in the Bitcoin system, e.g., transactions) is public in a blockchain9 system for all users, it is always possible to track the previous owner (the P2PKH address) as well as the entire “history” of a value and to see all of the transactions carried out with a specific address.10 Users are therefore advised to use their addresses only once and to generate a new address for each new transaction [52]. Each user address has its own set of values.11 It is also possible to use multiple wallets for different purposes. These generally contain the following information:
• a cryptographic key pair (or also several),
• an address generated using the key pair,
• a list of transactions carried out by and addressed to the user,
• other functionalities that depend on the provider of the software.

Fig. 3.3 Address generation in the Bitcoin system (figure: derivation of the Bitcoin address of Alice)

2 Calculating a hash value from a plain text message, for example from the name Alice.
3 Calculating the original message only using the hash value and the hash algorithm.
4 Collisions are very rare, but not unheard of. The collision resistance varies depending on the hash function.
5 In his blockchain app.
6 See Sect. 4.1.1.
7 Explaining this exciting, but very complex, mathematical procedure would go beyond the scope of our intention here.
8 To generate the address from the public key, two cryptographic hash functions are used in succession on the public key (RIPEMD-160 and SHA-256) and the hash result is encoded according to the Base58 scheme (letters and numbers excluding the characters 0 (zero), O (capital o), I (capital i) and l (small L)).
9 As applies to the public blockchain and the consortium blockchain (see Sect. 4.1.4).
It is important, above all, that users sufficiently protect their private key, because whoever holds the private key can dispose of the values bound to it, more specifically to the P2PKH address (further information in Sect. 4.1.1).
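The last two steps of the address derivation sketched above (hashing the public key with SHA-256 and RIPEMD-160, then Base58 encoding with a checksum) as an added Python example; it is not the book’s code, and the 20-byte public-key hash it uses is a constructed sample rather than the hash of a real key. Whether RIPEMD-160 is available to hashlib depends on the local OpenSSL build, so the example checks for it.

```python
"""Bitcoin-style P2PKH address encoding and checksum verification.

Added illustration, not code from the book: it reproduces the hashing and
Base58 steps of address generation described in the text. The 20-byte
public-key hash in the demo is a constructed sample, not derived from a
real key; the Base58 alphabet and the version byte are the Bitcoin ones.
"""
import hashlib

# Base58 alphabet: digits and letters without 0, O, I and l, which are
# easily confused with one another.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
P2PKH_VERSION = b"\x00"   # version byte of mainnet pay-to-public-key-hash addresses


def hash160_supported() -> bool:
    """True if the local OpenSSL build still offers RIPEMD-160 to hashlib."""
    try:
        hashlib.new("ripemd160")
        return True
    except ValueError:
        return False


def hash160(public_key: bytes) -> bytes:
    """RIPEMD-160(SHA-256(public key)): the 160-bit value behind a P2PKH address."""
    sha = hashlib.sha256(public_key).digest()
    return hashlib.new("ripemd160", sha).digest()


def checksum(payload: bytes) -> bytes:
    """First four bytes of a double SHA-256, appended so that typos are detected."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    digits = []
    while n > 0:
        n, rem = divmod(n, 58)
        digits.append(B58_ALPHABET[rem])
    # Every leading zero byte is kept as a leading '1'; this is why mainnet
    # P2PKH addresses (version byte 0x00) start with '1'.
    leading = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading + "".join(reversed(digits))


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    leading = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading + body


def encode_address(pubkey_hash: bytes, version: bytes = P2PKH_VERSION) -> str:
    """Base58Check: Base58(version || hash160 || checksum)."""
    if len(pubkey_hash) != 20:
        raise ValueError("public-key hash must be 20 bytes")
    payload = version + pubkey_hash
    return b58encode(payload + checksum(payload))


def decode_address(address: str) -> tuple[bytes, bytes]:
    """Return (version, pubkey_hash) or raise ValueError on a bad checksum.

    This is the check a wallet performs before sending, so that a mistyped
    address is rejected instead of sending bitcoins to an unusable address.
    """
    raw = b58decode(address)
    if len(raw) != 25:
        raise ValueError("address has wrong length")
    payload, cksum = raw[:21], raw[21:]
    if checksum(payload) != cksum:
        raise ValueError("checksum mismatch: address is corrupted")
    return payload[:1], payload[1:]


def is_valid_address(address: str) -> bool:
    try:
        decode_address(address)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    sample_hash = bytes(range(1, 21))        # constructed, not from a real key
    if hash160_supported():
        sample_hash = hash160(b"\x02" + b"\x11" * 32)   # constructed 33-byte key
    addr = encode_address(sample_hash)
    print(addr, is_valid_address(addr))
    # Change one character: the checksum catches the typo.
    typo = addr[:-1] + ("2" if addr[-1] != "2" else "3")
    print(typo, is_valid_address(typo))
```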
3.2 Exchange Among Equals

One of the key strengths of blockchain technology is its architecture. It makes a decentralized, autonomous and secure system available to multiple users. In the following, we introduce the decentralized system behind blockchain technology. We explain how information, for example traded values such as bitcoins in the form of transactions, can reach its new owner. A blockchain-based system is built on a so-called peer-to-peer network (P2P).12 The peers are the system users. These, or more precisely their user apps (in the following referred to simply as users), represent the nodes in the network. They all have equal rights and can use services and make them available to other users. In the case of the Bitcoin system, it is Bitcoin users who have the Bitcoin app on their computer. With the help of this app they can use the Bitcoin service and the Bitcoin infrastructure to transfer or receive bitcoins. At the same time, they are part of the Bitcoin infrastructure, as they save the complete blockchain,13 verify it, disseminate the received data, and update the blockchain. In the area of the Internet of Things (IoT), the nodes are, however, IoT devices or IoT gateways that interact with each other in the decentralized network. In P2P networks, communication takes place via an unencrypted Internet connection (see Fig. 3.4). Because P2P networks have neither authentication mechanisms nor a central administration point for users, the usual methods implemented by P2P networks for finding other nodes and for disseminating information are used (see Fig. 3.5) [4]. Basically, in a blockchain system14 all nodes are “created equal” and can be both clients (service users) and servers (service providers). If we look at the size of the Bitcoin blockchain (in May 2020: 277 GB), it is understandable that not every user has enough resources for storage and verification. The application should be as “lean” as possible, especially for mobile users. Thus in a blockchain system there are two types of users [4]:
• “Servers,” or full nodes, have both incoming and outgoing connections to other users. This means that they “ask” other users for a connection using their IP addresses, or they are asked by other users for a connection. Full nodes save the entire blockchain15 and are involved in the verification process.
• “Clients,” or lightweight nodes (light nodes, thin clients or, more rarely, SPV16 nodes) are the most common17 users in blockchain-based systems. These only have outgoing connections and only save a part of the blockchain [13]. They set up a connection to full nodes to get information that only affects them. Additionally, users whose external IP address differs from their internal one (for example, inside a company network)18 are among the clients.
Both types of users (client and server) in the Bitcoin system support eight outgoing connections to other users. A full Bitcoin node additionally supports up to 117 incoming connections. This division makes sense both for reasons of security19 and for reasons of scalability.20 We find the same division, only with other numbers, in other blockchain-based systems, such as Ethereum.

Fig. 3.4 Abstract representation of the blockchain layer architecture (figure: user apps on top; beneath them the protocol layer with the consensus algorithm, assigned value and set of rules; at the bottom the architecture of transactions, blocks, chain and P2P network)

Fig. 3.5 Comparison of P2P and client-server networks (figure: in the P2P network users 1 to n are connected directly with one another; in the client-server network users 1 to n+2 each connect only to the central server)

10 This expresses the original idea of a blockchain system as a secure, decentralized register.
11 These values can only be traded if the user has the corresponding private key(s) that match(es) the user address.
12 A P2P network – peer-to-peer network – is a computer network in which all computers work together on an equal basis. This means that each computer can offer functions and services to other computers and, on the other hand, may use functions, resources, services, and files offered by the other computers. The data is distributed across many computers. The P2P concept is a decentralized concept, without a centralized server. Each computer in such a network can be connected with several other computers [144].
13 The term blockchain here refers to all of the transactions that have ever been carried out in the respective system. This applies to the public blockchain and the consortium blockchain (see Sect. 4.1.4).
14 Applies to the public blockchain and the consortium blockchain (see Sect. 4.1.4).
15 Here the term blockchain is understood to include all of the resources associated with it, including the database. In the Bitcoin system these are, for example, all transactions that have ever been executed.
16 SPV – Simplified Payment Verification (see Sects. 4.2.2 and 5.1.3).
17 It is estimated that there are 13 times as many clients as servers in the Bitcoin system [4].
18 For example, users behind a firewall or NAT.
19 An attacker node is not able to manipulate more than eight other nodes at the same time.
20 The number of lightweight nodes is much higher. That means that the full nodes, which are already in the minority, must have more incoming connections.
If one of the outgoing connections is no longer active (e.g., because the user is offline), this connection is replaced by a new one [4]. Information is exchanged via these connections, e.g., new transactions, blocks, or IP addresses21 of the full nodes (servers). Every user (client and server) maintains a list of IP addresses of other full nodes (servers) in the network and updates it regularly by exchanging it with other users. The IP addresses are not linked to the cryptographic addresses.
Back to the example of Alice and Bob. Alice is often on the go and wants to be able to use the Bitcoin system on her laptop. Let’s assume that her laptop doesn’t have enough memory and computing capacity to run a full node. We will also take into account that she always logs into different networks: at home, in the library, or at the office. She installs the Bitcoin software and sets up a lightweight wallet. The software already contains pre-programmed DNS names22 (also known as DNS seeds, e.g., seed.bitcoin.sipa.be, seed.bitcoinstats.com, etc.) that resolve to several IP addresses of full nodes (see Fig. 3.6). The software then establishes connections with some of the full nodes from the list and asks them for further IP addresses. The list of IP addresses is constantly updated. Alice’s software can thus support up to eight connections. This means that Alice can exchange information with eight other users – in this case full nodes. First, the “lean” version of the current blockchain is downloaded. Alice also sends her transactions to the nodes and receives from them the information that is intended only for her. The disadvantage of a lightweight node is its lower level of security. Alice must trust the full node, because she is only using the “lean” version of the blockchain and therefore cannot check all of the previous transactions.

The information in a blockchain-based system is exchanged according to fixed rules. These prevent, for example, information that one user has already sent (e.g., a block, transaction or IP address) from being sent twice to another user. In this way, the network is also protected from overload.

21 In the Bitcoin network: IPv4, IPv6, and OnionCat addresses [4, 13].
22 The Domain Name System (DNS) maps numeric (IPv4) and alphanumeric (IPv6) IP addresses to easy-to-remember domain names, so that users are not forced to remember number sequences but can instead use meaningful names. For example, behind the DNS name hpi.de is the IPv4 address 141.89.225.126.
Fig. 3.6 Resolution of the domain name of a DNS seed
In contrast to the example of Alice, let us assume that Bob runs a full node. He then has a complete copy of the blockchain and, besides the eight outgoing connections to other users, can have up to 117 incoming connections. Via these connections, he receives all new transactions and blocks from other users, verifies them according to defined rules, and forwards them. Valid information (e.g., blocks or transactions) is stored in the user’s cache (memory pool or “mempool”); invalid information is discarded.
Fig. 3.7 Dissemination of information in a blockchain-based network (figure: information is passed on from node to node to further users)
The full nodes are the backbone of the Bitcoin system. They allow the system to grow and at the same time remain secure and decentralized. All information (new blocks, transactions and IP addresses) is passed from one user to another (Fig. 3.7). Full nodes pass on their own new transactions together with the newly received ones, so that other users cannot tell which transactions originated at that node. A node checks the information received according to the defined rules each time. If it has already received the same data from another user (i.e., it has already been saved in its memory pool), it discards the newly arrived copy.
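The forwarding rules of this section (a node validates what it receives, stores it in its memory pool and relays only what it has not seen before) and the connection limits from the text, as an added Python simulation that is not the book’s code. The topology, the sample transaction and the validity rule are constructed for the example.

```python
"""Gossip dissemination with the 'nothing is sent twice' rule (added example).

Not the book's code: a toy network of full and lightweight nodes relays new
transactions the way Fig. 3.7 describes. Every node keeps a memory pool keyed
by the SHA-256 hash of the data and drops anything it has already seen, so
each item is relayed at most once per node and replays cannot overload the
network. The connection limits (8 outgoing, 117 incoming for full nodes) are
taken from the text; topology, transaction and validity rule are constructed.
"""
import hashlib
from collections import deque
from typing import Callable

MAX_OUTGOING = 8           # both node types
MAX_INCOMING_FULL = 117    # full nodes only


def item_id(data: bytes) -> str:
    """Identify an item by its fingerprint, as blockchain systems do."""
    return hashlib.sha256(data).hexdigest()


def is_well_formed(data: bytes) -> bool:
    """Constructed validity rule standing in for the real transaction checks."""
    return data.startswith(b"tx:")


class Node:
    def __init__(self, name: str, full: bool) -> None:
        self.name = name
        self.full = full
        self.outgoing: list["Node"] = []
        self.incoming: list["Node"] = []
        self.mempool: dict[str, bytes] = {}
        self.received = 0   # deliveries to this node, duplicates included

    def connect(self, peer: "Node") -> bool:
        """Open an outgoing connection; only full nodes accept incoming ones."""
        if not peer.full or peer is self or peer in self.outgoing:
            return False
        if len(self.outgoing) >= MAX_OUTGOING:
            return False
        if len(peer.incoming) >= MAX_INCOMING_FULL:
            return False
        self.outgoing.append(peer)
        peer.incoming.append(self)
        return True

    def peers(self) -> list["Node"]:
        return self.outgoing + self.incoming

    def accept(self, data: bytes, valid: Callable[[bytes], bool]) -> bool:
        """Validate, then drop duplicates; True means 'new, relay it'."""
        self.received += 1
        if not valid(data):
            return False                 # invalid information is discarded
        ident = item_id(data)
        if ident in self.mempool:
            return False                 # already in the memory pool: not relayed again
        self.mempool[ident] = data
        return True


def broadcast(origin: Node, data: bytes,
              valid: Callable[[bytes], bool] = is_well_formed) -> int:
    """Flood `data` from `origin`; return the total number of deliveries.

    Full nodes relay to all their peers; a lightweight node only sends on
    what it created itself, since it serves no incoming connections.
    """
    deliveries = 0
    queue: deque[Node] = deque()
    if origin.accept(data, valid):
        queue.append(origin)
    while queue:
        node = queue.popleft()
        if not node.full and node is not origin:
            continue
        for peer in node.peers():
            deliveries += 1
            if peer.accept(data, valid):
                queue.append(peer)
    return deliveries


def build_network() -> dict[str, Node]:
    """Constructed topology: four full nodes in a ring plus three light nodes."""
    full = [Node(f"full{i}", True) for i in range(4)]
    for i, node in enumerate(full):
        node.connect(full[(i + 1) % 4])
    light = [Node(f"light{i}", False) for i in range(3)]
    for i, node in enumerate(light):
        node.connect(full[i])
        node.connect(full[i + 1])
    return {n.name: n for n in full + light}


if __name__ == "__main__":
    net = build_network()
    tx = b"tx: alice -> bob, TV#4711"          # constructed sample transaction
    print("deliveries:", broadcast(net["light0"], tx))        # 16
    print("replay deliveries:", broadcast(net["light0"], tx))   # 0: already known
    print("known by all:", all(item_id(tx) in n.mempool for n in net.values()))
```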
3.2.1 Obfuscation

As already mentioned, transparency is one of the most essential properties of blockchain technology. In many application areas, however, this property would restrict or violate the privacy of the user. But if the focus is, for example, on the traceability of different ingredients23 in food or the traceability of information about the storage conditions24 (temperature and humidity) of a drug along the supply chain, transparency and forgery protection are of central importance. In matters of private finances, on the other hand, this is usually not desired. It should be noted that the anonymity of users, enabled through the use of pseudonyms, is only partially effective, as IP addresses and transaction history make it possible to find out a user’s identity (see Sects. 3.1.2 and 4.2). Bitcoin therefore recommends that its users (lightweight nodes) use the anonymous network TOR in order to disguise (obfuscate) their IP addresses [52]. With the standard software Bitcoin Core,25 full nodes can automatically use “TOR Hidden Services” for greater anonymity (see Appendix B) [65]. The TOR network provides a service that anonymizes the connection data. The name TOR is an abbreviation that stands for “The Onion Routing.” As the name implies, so-called onion routing is characterized by the multiple encryption of a message. The TOR client searches for a route through the network, which consists of a number of onion servers (onion routers), each of which provides a public key (Fig. 3.8). As a rule, the route passes through three servers. After a route has been found, the TOR client first encrypts the message with the public key of the last onion server (router C) and then adds its address. Afterwards, the already encrypted message and the address of router C are encrypted with the public key of the second to last server (router B) and its address is added, and so on. During transmission, the message is then decrypted layer by layer by the onion servers. Each server involved in the routing is able to decrypt the layer intended for it with its own private key. Inside, it finds a further encrypted message and another address. The message is then forwarded (“not understood”) to the given address. In this way, every onion server only “knows” its predecessor and its successor. Only the last link in the routing chain is able to decrypt the actual message and read it in plain text.

Fig. 3.8 TOR network (figure: the sender encrypts “Hello World” with the public keys of routers C, B and A in turn; routers A, B and C each remove one layer with their private key before the recipient receives the message)

TOR can only be used for outgoing connections. To support incoming connections in the TOR network, the user can make use of the so-called hidden services.26 In this case, the full node acts as a service provider and arranges a “meeting point” with the service recipient (another user). This is a secure onion server, also known as a rendezvous point. This is done as a means of ensuring secure and anonymous communication [65]. Since there are no sender addresses in the Bitcoin system,27 it is expressly recommended that, to protect their privacy, users use a new address each time a payment is received. To further conceal the recipient, the previously mentioned mixing service can also be used. The legality of using such services may be subject to different rules depending on the laws of the country involved [52]. The methods listed offer more anonymity in the otherwise transparent blockchain system. Nevertheless, users should take increased safety precautions to protect their privacy, as well as to protect their blockchain values (cryptocurrency such as bitcoins; possession of something such as a rented bike; or an authorization to unlock the door of a room).

23 The ClearKarma company offers a solution for continuous traceability of the ingredients used in the food industry [92]. The company plans a cloud-based platform with detailed information about food products, with the history of all information changes verified and stored in the blockchain.
24 The Modum.io company offers a solution for continuous data integrity in a supply chain using blockchain technology [157].
25 Since Version 0.12.0, published on 23 February 2016.
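The layering just described, as an added Python example that is not code from the book or from the Tor project. Real onion routing encrypts each layer with the router’s public key; to run without dependencies the example substitutes a constructed toy cipher (a SHA-256 keystream under a per-router secret) that is not secure and only models the layer structure. Router names, keys and the message are constructed.

```python
"""Onion layering along a three-router TOR-style route (added example).

Not code from the book or from the Tor project. Real onion routing encrypts
each layer with the onion router's public key; to run without dependencies
this example substitutes a constructed toy cipher (XOR with a SHA-256
keystream under a per-router secret) that is NOT secure and only models the
layer structure. Router names, keys and the message are constructed.
"""
import hashlib
import json


def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for encryption under a router's key: XOR with a keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ k for d, k in zip(data, stream))


toy_decrypt = toy_encrypt   # XOR with the same keystream undoes it


def wrap(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """One onion layer: the next address plus the (already encrypted) inner payload."""
    return toy_encrypt(key, json.dumps({"next": next_hop, "data": inner.hex()}).encode())


def build_onion(route: list[str], keys: dict[str, bytes],
                message: bytes, destination: str = "recipient") -> tuple[str, bytes]:
    """Encrypt for the last router first, as the text describes, then work outwards.

    Returns the first hop and the blob that the TOR client hands to it.
    """
    layer = wrap(keys[route[-1]], destination, message)   # innermost layer: router C
    next_hop = route[-1]
    for router in reversed(route[:-1]):                   # then B, then A
        layer = wrap(keys[router], next_hop, layer)
        next_hop = router
    return next_hop, layer


def peel(router: str, keys: dict[str, bytes], blob: bytes) -> tuple[str, bytes]:
    """What one onion server learns: the next address and an opaque inner blob.

    A wrong key yields garbage that is not valid JSON, so a router cannot
    open a layer that was not meant for it (ValueError is raised).
    """
    inner = json.loads(toy_decrypt(keys[router], blob))
    return inner["next"], bytes.fromhex(inner["data"])


def relay(route: list[str], keys: dict[str, bytes],
          message: bytes) -> tuple[list[dict], bytes]:
    """Drive the onion through the route, recording each router's view."""
    hop, blob = build_onion(route, keys, message)
    previous, trace = "sender", []
    while hop != "recipient":
        next_hop, blob = peel(hop, keys, blob)
        trace.append({
            "router": hop,
            "from": previous,             # predecessor and successor are the
            "to": next_hop,               # only addresses this router sees
            "reads_plaintext": blob == message,
        })
        previous, hop = hop, next_hop
    return trace, blob                    # blob is now the delivered plaintext


if __name__ == "__main__":
    keys = {"A": b"secret-of-router-A", "B": b"secret-of-router-B",
            "C": b"secret-of-router-C"}                      # constructed
    trace, delivered = relay(["A", "B", "C"], keys, b"Hello World")
    for step in trace:
        print(step)
    print("delivered:", delivered)
```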
3.2.2 Data Protection and Liability

As we have seen, a blockchain-based system has no central authority (it functions in a decentralized and autonomous manner and with a high level of transparency) [52]. These characteristics, which at first glance appear very positive, also lead to data protection issues. The transparency of all data makes the business relationships and, in principle, also the personal relationships of users recognizable [29]. Trust-critical transactions are exchanged between parties without the necessity of disclosing the identity of the contractual partners to each other or to the public. In this way, anonymity or pseudonymity is employed as a data protection instrument [102].
26 TOR hidden services.
27 Simply put, each transaction contains the Bitcoin value and the recipient address and is then signed by the sender. The recipient can only spend the received Bitcoin value with the private key that was created together with the public key for the transaction (see Sect. 4.1.1).
3 Technical Basics for a Better Understanding of Blockchain Technology
According to Pesch and Böhme [29], bitcoins (and cryptocurrency in general) can neither be unequivocally classified as the legal object “item” nor as the legal object “money.” For this reason, because of the prohibition in criminal law of analogies28 that incriminate the perpetrator, bitcoins (and cryptocurrency in general) cannot be the object of criminal offenses whose facts relate only to items or money [29]. It remains to be seen whether other blockchain values can be described as “items.” One of the most widespread application areas of blockchain technology is the smart contract.29 The smart contract impacts areas of life that have traditionally been regulated by analog law or institutions [102]. The company Agrello [42] has taken up this problem and presents a solution in the form of legally binding smart contracts. Agrello offers a product with a user-friendly interface that supports the user in the creation of a legally binding contract. The created contract is transformed into a smart contract and stored in a blockchain. At the same time, a legally binding contract in natural language is drawn up and digitally signed [42]. The user is supported during the creation of the contract by an AI30 agent.
3.3 Consensus Finding
In previous chapters, we have already described several challenges facing decentralized systems when compared to centralized models. Processes such as user authentication, and resource and system administration are distributed to all users in the system. The biggest challenge thereby is to reach an agreement on a state of the system that is “true for everybody” – in other words, which order and execution of content is correct and which is not. This agreement, or “consensus,” can, for example, be made difficult by incorrect information from malicious users. The problem of consensus finding is also known as the “Byzantine Generals Problem.” The name comes from a scientific work by Leslie Lamport, Robert Shostak and Marshall Pease [19] and describes an allegory31 of the consensus finding problem in a decentralized network. The components of a computer system are compared with a group of Byzantine generals.32 The generals communicate through a messenger and must agree on a common strategy. Both the generals and the messengers could be traitors and try to manipulate loyal communication partners
28 “The prohibition of analogy exists particularly in criminal law. Accordingly, a judge is forbidden from convicting someone of a non-punishable act, even if the judge deems it to be punishable, or if it bears resemblance to another act that is punishable but it does not fully comply with it. This ban applies above all to loopholes in the law.” – Definition according to [146]. 29 For further information see Sect. 5.1.2. 30 AI – Artificial Intelligence. 31 Rational comprehensible image as representation of an abstract term [104]. 32 During the siege of Constantinople in 1453 AD, the Byzantine generals were to attack the city with their troops.
in decision making. The solution to the problem is an algorithm that helps the loyal generals to reach an agreement in spite of the traitors. The more malicious users a decentralized system can tolerate under real conditions,33 the more robust the solution must be. In Castro and Liskov’s solution [7] “Practical Byzantine Fault Tolerance (PBFT),” for example, up to a third of malicious users (also called Byzantine faults) are tolerated. The biggest weakness of this solution is its scalability. The more participants (users) the system has, the more messages must be exchanged between participants within the framework of the consensus. In this way, the runtime increases quadratically with the number of system users. In the past, consensus solutions for decentralized systems were dependent on numerous conditions (permissioned system). For instance, the number of system users and/or their identities had to be generally known. With decentralized networks such as the Internet (permissionless system), this would, however, be highly inefficient if not impossible. In contrast, the Nakamoto consensus mechanism anchored in blockchain technology and used for the first time in the Bitcoin system also works in networks without any conditions for the number of system users or their identification (permissionless system). Users are free to join and leave the network at will [24]. The Nakamoto consensus solution makes the assumption that in a system without participation conditions (malicious users can create many false identities) the majority of the computing power is in the hands of honest users, rather than assuming that the majority of users are honest. This ensures the robustness of blockchain technology [28]. But what does this have to do with computing power? Instead of selecting master users (master nodes) who make a majority decision by coordinating with other users, any user who solves a computational task faster than any other system user is allowed to make the decision.
This concept is known as Proof-of-Work (PoW). The computational task consists of simply trying out any number of hash values to find a value that corresponds to the target. To do this as quickly as possible, a user needs highly efficient hardware that can, for example,34 calculate/attempt 15 million hashes in a second. This hardware, therefore, has a much higher energy consumption than what is usual. For the attacker, this is an equally high energy consumption and accordingly means much higher costs (see Sect. 4.1.3 and 51 percent attack in Sect. 4.2). The “winner” can expect a reward, intended as a motivation to put forth computing effort. Because in the Bitcoin system the reward partly consists of newly minted bitcoins, which are distributed to the creator of the new block, the process is compared with that of extracting raw materials, and one speaks of mining.
33 For example, in the Internet. Such solutions as the Byzantine Agreement (BA) Algorithm (see Appendix A), Paxos or Raft are intended for decentralized systems with limited/static user numbers. A majority decision is made between the pre-selected users (so-called master users or master nodes). 34 NVIDIA GeForce GTX 1050 Ti with the Ethereum algorithm [156].
Correspondingly, a user who creates new blocks is called a miner: “whoever mines carries out hard work to get to the desired material.” The consensus solutions are implemented by algorithms, which are implemented in the form of protocols.35 What exactly is the reason for an agreement and what decision are the users of a blockchain-based system allowed to make regarding the use of their computing capacity? We have previously written that users have to agree on a state of the system that is “true for everybody.” Since all resources are distributed to all users in the system, this means that everyone has an identical copy of all data in the system (replicated database), its order (time stamp) and the execution of content is expected to be correct (i.e., not manipulated). Every user thus checks the information received from other users (e.g. IP addresses of other users, transactions, and blocks) and saves this in his cache (memory pool). At this point, decision-making comes into play – namely which received information and in which order is written into the system (database). Because the information (data) takes different times to be spread in the network due to the network delays, different users can have different copies of the system (database). The order, or more precisely the time stamp, is implemented in a blockchain-based system using hash chains. The information (data) already included in the cache (memory pool) is put into hash chain form by those users competing for the reward. First, the information36 is compiled in a compact form of limited size37 called a block (more on this subject in Sect. 4.1.2). The block should be linked with the information already available in the system, namely with the already existing blocks. For this, we create a block header with a reference to the last block in the system. This reference is nothing more than a hash of the block header of the previous block. After a block has been prepared (more on this in Sects. 
4.1.1, 4.1.2 and 4.1.3) and the computing task has been solved, the block, together with the solution, is distributed to all users in the same way as the other data in the system (information: IP addresses of other users, transactions). Each user receives the new block, verifies it and adds it to the previous block (last block). Thus an ordered blockchain is created. If several users solve the computational task at the same time, this causes the chain to branch – creating a so-called fork. The probability that more than two users arrive at a solution at the same time is very low. This means that two new blocks have the same previous block and are distributed with different delays in the network. This results in users having different blockchains (copies of the system). Other reward-motivated users link their new block to the block they received first. The longest chain is always given preference because it is not worthwhile for users to continue to “build” a chain that will ultimately not prevail. This economically motivated decision represents the consensus. Through the linking of the new block
35 Definition of standards and conventions for a smooth data transmission between computers [104]. 36 In the Bitcoin system, e.g., in the form of transactions transferred values – bitcoins. 37 In the Bitcoin system, for example, 1 MB and in Ethereum approx. 27 kB (as of May 2020).
with one of the branched preceding blocks, the user votes for one of the two chains in the form of computing capacity. This means that the chain with the most votes (in other words, with the greatest computing capacity) “wins.” In this way, the decentralized system remains “consistent.” The competition for the reward in the Bitcoin system has led to an “upgrade” of hardware among users (miners) involved in consensus building. Many miners combine to form so-called mining pools so as to bundle their computing capacity. This has led to a constant increase in energy consumption and of the costs associated with it. The charge of energy waste is the greatest point of contention in the Proof-of-Work concept. In contrast, the consensus concept called Proof-of-Stake (PoS) is not based on the effort expended in solving a computational task, but on the proportion of digital coins in a cryptocurrency. A user who holds n percent of the digital coins may create n percent of the blocks. In the Peercoin system38 (which uses PoS and PoW – hybrid consensus) the usable portion of digital coins is based on the “age of the coins.” The number of digital coins that a block producer owns is multiplied by the number of days for which the digital coins have been kept by the block producer (e.g., if Alice has received 5 coins from Bob and these have already been kept in her blockchain application (wallet) for 10 days, the coin age is thus 50 coin days). For successful block generation, the coin age must be between 30 and 90 days. The block producer addresses these digital coins in the first transaction to himself when the block is created. After that, they are first valid for minting (block generation in PoS systems) again after 30 coin days. Every user of the Peercoin system can create a block and annually receive a reward worth a maximum of one percent of the digital coins held. The reward consists of newly minted peercoins.
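The Proof-of-Work search, the hash-chain linking of block headers and the fork resolution described in the preceding paragraphs, as a toy implementation added here (not the book's or Bitcoin's code). The difficulty target, block contents and the `chain_work` measure are constructed for illustration; with a single fixed target, greatest accumulated work coincides with the longest chain.

```python
"""Toy Nakamoto consensus: PoW search, header hash chaining, fork resolution.
Added example, not from the book.  TARGET and block contents are constructed."""
import hashlib
import json
from dataclasses import dataclass

# Constructed difficulty: the header hash, read as a 256-bit integer, must be
# below this target.  A lower target means more hash attempts per block.
TARGET = 2 ** 244


@dataclass(frozen=True)
class BlockHeader:
    prev_hash: str      # hash of the previous block header: the chain link
    merkle_root: str    # compact fingerprint of the block's transactions
    timestamp: int
    nonce: int = 0

    def hash(self) -> str:
        data = json.dumps(self.__dict__, sort_keys=True).encode()
        return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()


def meets_target(header: BlockHeader, target: int = TARGET) -> bool:
    return int(header.hash(), 16) < target


def mine(prev_hash: str, txs: list, timestamp: int, target: int = TARGET) -> BlockHeader:
    """The computational task: try nonces until the header hash falls below the target."""
    root = hashlib.sha256("".join(txs).encode()).hexdigest()
    nonce = 0
    while True:
        header = BlockHeader(prev_hash, root, timestamp, nonce)
        if meets_target(header, target):
            return header
        nonce += 1


def validate_chain(chain: list, target: int = TARGET) -> bool:
    """What a receiving full node checks: valid PoW on every header, and each
    header's prev_hash equals the hash of its predecessor."""
    for i, header in enumerate(chain):
        if not meets_target(header, target):
            return False
        if i > 0 and header.prev_hash != chain[i - 1].hash():
            return False
    return True


def chain_work(chain: list, target: int = TARGET) -> int:
    """Expected hash attempts represented by the chain (the 'votes' in computing capacity)."""
    return len(chain) * (2 ** 256 // target)


def choose_chain(candidates: list) -> list:
    """Nakamoto rule: adopt the valid chain backed by the most work."""
    valid = [c for c in candidates if validate_chain(c)]
    if not valid:
        raise ValueError("no valid chain offered")
    return max(valid, key=chain_work)


def fork_demo() -> bool:
    """Two miners solve the task on the same parent; the branch that is extended
    first wins.  Returns True when the longer branch is chosen."""
    genesis = mine("0" * 64, ["coinbase -> Alice"], 1)
    a1 = mine(genesis.hash(), ["Alice -> Bob 1 BTC"], 2)
    b1 = mine(genesis.hash(), ["Alice -> Carol 1 BTC"], 2)   # conflicting spend
    b2 = mine(b1.hash(), ["Carol -> Dave 0.5 BTC"], 3)       # branch B gains a block
    chain_a = [genesis, a1]
    chain_b = [genesis, b1, b2]
    return choose_chain([chain_a, chain_b]) is chain_b


if __name__ == "__main__":
    print("longer branch adopted:", fork_demo())
```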
In contrast to the Peercoin and Bitcoin systems, with the cryptocurrency NXT all digital coins are available from the start (genesis block). Here, the transaction fees serve as motivation for the block creators. NXT uses a modified PoS algorithm [5]. With the pure PoS concept, a problem exists called “nothing at stake.” In the event that the chain branches, minters (block generators in PoS) can build new blocks in parallel on both branches without significant losses. In this way, the possibility exists of the “double spending” of digital cryptocoins (double spending problem). Since in this case the loss is not as noticeable as, for example, with the PoW concept (already consumed energy), the motivation for attackers is greater with PoS, making it more of a vulnerable target [5]. This problem is solved in an expanded form of PoS known as “delegated Proof-of-Stake.” Delegates (“trusted persons,” who are users) are selected according to specific criteria (e.g., based on the number of digital coins in their possession or the votes cast by other users). They may participate in minting and verify the blocks created by other delegates. For a new block to be accepted, several delegates must
38 Peercoin is a peer-to-peer cryptocurrency that is based on the design of Satoshi Nakamoto's Bitcoin [18].
sign it, following successful verification. In order to avoid attacks, the digital coins of the delegates are blocked in the event of malicious behavior. A further alternative to PoW and PoS is the Proof-of-Burn concept (PoB). Here, digital coins are destroyed during mining (figuratively speaking, “burned”). The more digital coins are destroyed, the higher the chance that the newly created block will be accepted and entered into the chain. The digital cryptocoins to be destroyed are sent to an address where they can no longer be used. Within the Stellar Consensus Protocol (SCP), work continues to be carried out on solving the problem of the Byzantine generals.39 Stellar is a public finance platform that makes it easy to send money in different currencies. SCP is based on a new consensus model that was described for the first time in the SCP white paper.40 It is called the Federated Byzantine Agreement (FBA). In the FBA, users do not need a full overview of all other users in the system. Every user has a free choice of trusted membership groups – so-called quorum slices. A quorum is a set of users necessary to reach an agreement. A quorum slice is the subset of a quorum that can convince a particular user of the agreement. Each user can have multiple slices that can be chosen based on their reputation or the respective financial arrangement [23]. The quorums can overlap if they have common users. In order to reach an agreement, the FBA users coordinate with each other. To facilitate this they use so-called federated voting. Because of the overlap of quorums, the slices can mutually influence each other in decision making. New digital coins in the Stellar system, also known as Lumens (XLM), are awarded weekly to users through such a vote (one percent annual creation rate). In decentralized networks, the consistent distribution of resources is an essential property. This is guaranteed in blockchain-based systems by a user’s vote for the longest chain.
Since malicious users can manipulate voting (double spending, Sybil attack), various mechanisms are used to regulate voting. As part of the Proof-of-Work concept, votes are cast in the form of physical resources (energy consumption through an outlay of computing power). In order to keep losses as low as possible and to win the competition for the reward, users must abide by the rules (build correct blocks). The expensive alternative is to convince other nodes of the correctness of the blocks by means of the highest computing power (more than 51 percent). Under these circumstances, the “penalty” for malicious behavior is relatively high. This is an even greater motivation for individual miners (block creators who are not involved in any mining pools) to act according to the rules defined in the system. The probability is very low that in a system with many users, such as
39 Byzantine Agreement (BA, see Appendix A). 40 White Paper of 25 February 2016.
Bitcoin, one of them has more computing power than all other nodes put together (over 51 percent of the total computing power41). Concepts such as PoS and PoB solve the problem of the wasteful use of energy by shifting the focus from the physical to the electronic resources. Yet at the same time, this increases the likelihood of a branching of the chain and of double spending, which in turn can be resolved with further restrictions (e.g., with the delegated Proof-of-Stake concept).
41 There is indeed also the possibility to launch an attack with less computing capacity than 50 percent of the entire network. The success rate is, however, correspondingly low (see Sect. 4.2).
Chapter 4
Where Does the Hype End, and Where Does the Innovation of Blockchain Technology Begin?
Abstract
Now we are ready to go deeper into the subject matter, and you have a chance to form a first opinion about blockchain technology – is it an innovation or only hype? Thereby, we will take a closer look at the architecture of blockchain technology using well-known examples such as Bitcoin and Ethereum and addressing challenges including security and scalability.
Although blockchain technology is still relatively young, it has become a much talked about topic of conversation everywhere. The enigmatic Bitcoin project as the first implementation of the technology, and its rapid dissemination in many different areas, has initially turned the topic of blockchain into one surrounded by hype. Time and again, the media reports on new, unbelievable increases or sharp drops in value, and even about the possible demise of the bitcoin. In its Hype Cycle for Emerging Technologies 2016 [36], Gartner, the world’s leading research and advisory company, placed blockchain in the Peak of Inflated Expectations (see Fig. 4.1). In this phase, “early publicity produces a number of success stories – often accompanied by scores of failures. Some companies take action; many do not.” [123] After the initial interest of the media faded – we believe this is likely due to the fact that the technology still finds itself in its infancy, regarding elaborated cross-technology standards, uniform interfaces and proven cases of application – the technology moved to the next phase of the Hype Cycle. According to Gartner’s Hype Cycle for Emerging Technologies 2017 [37], blockchain experienced a descent into the Trough of Disillusionment. Specific standards and uniform interfaces will likely be set after the new technology overcomes its expected decline and the unfulfilled expectations and negative reports that accompany it. We believe this will lead to the next phase, the Slope of Enlightenment, from which the Plateau of Productivity will then be reached. Realized in this phase will also be a greater application on the market. As long as blockchain technology lacks mature and uniform standards, it will hang in the balance between the hype of unrealistic expectations and its place as an innovation whose solutions are still marked by random difficulties.
© Springer Nature Switzerland AG 2021 T. Gayvoronskaya, C. Meinel, Blockchain, https://doi.org/10.1007/978-3-030-61559-8_4
Fig. 4.1 Generic Gartner Hype Cycle Graphic (2020) [123]
In the previous chapters, we already revealed part of the blockchain hype and showed that, as opposed to being a cure-all, blockchain technology is in reality a successful combination of existing technological approaches from the areas of cryptography, decentralized networks and consensus-finding models. In this chapter, we would like to explore the real strengths and challenges of blockchain technology and provide a technical overview.
4.1 Traceability, Forgery Protection, Reliability
The use of a new technology in an existing system must offer specific advantages, for instance an increase in efficiency or a reduction in costs. This is the same with the use of blockchain technology. Particular attention must be paid to those properties in the technology that bring added benefits, when compared to already established technical solutions. Thereby, attention is focused on the original idea of a blockchain: namely of providing a secure decentralized public register. The traceability of all entries in the system and the associated security against forgery make blockchain technology particularly attractive for logging data. For example, it offers a basis for various registers, such as a land or a medical register. Additionally, blockchain technology allows a secure, decentralized and transparent exchange of values between the numerous involved users – without the need for a trusted middleman (also called a trusted third party). This means that the data to be recorded (e.g., possession of a value) can be written into the blockchain by multiple
Fig. 4.2 Blockstack-layer architecture (figure contents: data plane with storage and routing; control plane with the virtualchain and the name, identity and authentication system; blockchain holding the sequence of Blockstack operations)
parties and can also be read from the blockchain. The distribution1 of the blockchain on any number of independent computers provides protection in the event of system failure or data loss. With regard to data protection, only cryptographic fingerprints of the data (hash values) can be stored in the blockchain in a tamper-proof manner, for example. The actual data can be stored elsewhere.2 For example, the Blockstack identity system uses the advantages of blockchain technology and only records the Blockstack operations in the blockchain (Fig. 4.2). The other functionalities, such as the management and storage of data, are regulated outside of the blockchain (for more information see Sect. 6.2). In contrast, pure cryptocurrencies have a simpler architecture (see Fig. 3.4):
• Blockchain as the foundation,
• Specific rules for the respective cryptocurrency (among them the consensus algorithm) and
• A user application in which everything is implemented.
In these respects, the individual blockchain applications differ from each other. Some of them are clearly more complex in their structure than others. However, what they all have in common is their underlying architecture (a cryptographic timestamp service/a cryptographic linking of the blocks and a consensus represented by the longest chain – see Sect. 3.3). Only when blockchain architecture is fully understood do properties such as protection against forgery and traceability become completely clear. In the following chapters we would like to take as starting point the content/information that is included in the decentralized blockchain database.
1 Replication. 2 CloudRAID, for instance, provides a suitable infrastructure to do this.
4.1.1 The Smallest Component in a Blockchain
A network based on blockchain technology is often called an Internet of value. This term applies to only one of the application areas or, more precisely, the first generation3 of blockchain-based projects (bitcoin-like projects). A cryptocurrency unit (digital crypto coin), an event or a product4 – for example, an object offered for sale on a trading platform – can represent a value. In blockchain technology a value always has an owner. The current status of who owns the value is documented in the blockchain register. Consequently, blockchain technology is often compared to a public register. Behind the second generation of blockchain-based projects is a further development of the original concept of blockchain technology. Not only is a robust and secure decentralized system for logging the ownership of a value possible, but the system acts as a large decentralized computer with millions of autonomous objects (smart contracts), which are able to maintain an internal database, execute code and engage in mutual communication [130]. Ethereum, for example, is among the first projects of the second generation since 2014. Blockchain projects of both generations are concerned with updating and logging the respective, current state of the system.5 The first generation deals with the current state of a value; specifically, who owns a certain value (unspent transaction output – UTXO). Blockchain 2.0 deals with the current state of an account (account state – balance, code, internal storage). These accounts are, for example, divided into two types in an Ethereum network: external and internal accounts. External accounts6 are comparable to a bank account and have an “account number,” more specifically an address,7 and information about the balance and transactions that have been made via the address.
Users of the Ethereum system have external accounts, and can by means of transactions “transfer” Ether8 to other external accounts or activate internal accounts – that are assigned to the autonomous objects (so-called smart contracts). The smart contracts have an address and thus an account and their own code, by which they are controlled (for more on the subject of smart contracts see Sect. 5.1.2). The code can implement any rules and conditions
3 The use of blockchain technology is not only limited to the areas of cryptocurrency or decentralized registers, but the technology is used as a programmable decentralized trust infrastructure [192], the so-called Blockchain 2.0 (smart contracts). 4 Based on the supply-oriented definition, a product is everything that is offered on the market for use or consumption and that satisfies a wish or a need. Accordingly, not only physical objects are referred to as products, but also various services, ideas, etc. fall under the category of products. This term encompasses all material and immaterial facets from which customer benefits can result [40, 163]. 5 Therefore blockchain technology is often called a “replicated state machine.” 6 Externally owned account – EOA. 7 Similar to a Bitcoin address – see Sect. 3.1.2. 8 The digital cryptocurrency of the Ethereum system.
and thus allow complex applications. These applications run without any central “coordinator” on the computers of all full nodes and accordingly form a censorship-resistant, decentralized world computer [38, 74, 130]. The current state of a value or an account is updated using a transaction. In this way, the transaction represents a bridge, or valid transition between two states – the previous one and the current one [38]. The transaction format and components differ depending on the system. Generally speaking, a transaction consists of specific data, values, or code (a transaction for creating a smart contract), of one or more recipient addresses, parameters that are typical for the particular system, and the digital signature of the sender. Blockchain projects of the first generation only log the current state of a value and have a relatively simple transaction structure. This structure has two essential components: an input and an output. The value to be transferred (which the user already has) is referenced in the input. The output indicates to which address this value is to be “overwritten.” In other words, an output of an already valid transaction is referenced through which the sender received the value at an earlier point in time. In the case of a cryptocurrency, an input can contain multiple crypto coins, thus the output must indicate the number of crypto coins from the given input and the address to which they are to be issued. A newly created value, for instance a newly minted digital crypto coin or a new object for sale on a trading platform, has no prior history. In this case, the transaction input is empty. The output in this case represents the object or a number of newly minted crypto coins and indicates the recipient’s address (the owner of this value), for example the hash value of the public key of the block creator (miner).
Only with the next transaction, when the value is “overwritten” from one user to another, will the previous output (unspent transaction output – UTXO) be referenced in the input. This reference to a UTXO consists of the hash value of the transaction that contains this output as well as an output index, since a transaction can contain multiple outputs. In the Bitcoin system, all previous transactions that have been addressed to a user, but not yet been issued, are listed in the user’s wallet as the current Bitcoin holdings. These previous transactions are used in new transactions of this user as inputs. Several outputs are possible if the value to be transferred is divided between several recipients. If the sender wishes to transfer a smaller amount of money than that which is available through all inputs put together, the sender has the option of transferring the remaining amount to himself. If the sender has a leftover amount in his transaction that he does not transfer back to himself, it is then considered a transaction fee (Fig. 4.3). Transactions cannot be reversed. In the Bitcoin system, the output is locked by a mechanism called ScriptPubKey [44]. ScriptPubKey consists of a series of instructions that describe how the owner of the respective recipient address can gain access to the value [66]. In addition to the reference to the value, another mechanism is required in the input. This is ScriptSig. It unlocks the value, after the conditions set in the previous output are
Fig. 4.3 Transactions in the Bitcoin system (figure contents):
Transaction e2f2581b... (signed with Alice's key pair)
Inputs: Index 0: TXa2c... (2 BTC from David) + ScriptSig Alice; Index 1: TXsk4... (4 BTC from Amy) + ScriptSig Alice
Outputs: Index 0: 1 BTC, ScriptPubKey Bob; Index 1: 3 BTC, ScriptPubKey Charlie; Index 2: 1.98 BTC, ScriptPubKey Alice
Transaction 80b4d0b7... (signed with Bob's key pair)
Inputs: Index 0: TXe2f... (1 BTC from Alice) + ScriptSig Bob; Index 1: TXc2c... (1.5 BTC from Carl) + ScriptSig Bob
Outputs: Index 0: 0.7 BTC, ScriptPubKey Amy; Index 1: 1.2 BTC, ScriptPubKey Charlie; Index 2: 0.5 BTC, ScriptPubKey Bob
Transaction e3a47a5d... (signed with Charlie's key pair)
Inputs: Index 0: TX80b... (1.2 BTC from Bob) + ScriptSig Charlie; Index 1: TXe2f... (3 BTC from Alice) + ScriptSig Charlie
Outputs: Index 0: 0.1 BTC, ScriptPubKey Karl; Index 1: 4 BTC, ScriptPubKey Amy; Index 2: 0.05 BTC, ScriptPubKey Charlie
fulfilled, for example if the sender can prove a suitable address and a signature that corresponds to the address (Fig. 4.4).9 In 2012, in the context of BIP16,10 a new functionality was implemented in the Bitcoin system. It gives Bitcoin recipients a way to define instructions about how the received bitcoins can be issued later, or, more specifically, how they can be unlocked. Thus a so-called Pay-to-Script-Hash address (P2SH address) is defined.
9 As previously described, the address corresponds to the hash of the public key. In this way, the sender can use the values (or more specifically, the UTXOs) addressed to him only if, in addition to the public key, he has a matching secret key (private key), which he uses for signing. 10 Bitcoin Improvement Proposal (BIP) is a design document for the introduction of functions or information in Bitcoin [56].
Fig. 4.4 Example of a Bitcoin transaction with an input and an output
This is often used for multi-signature transactions, for example. Just as with the pay-to-public-key-hash address (P2PKH address) previously described, a hash value is specified as the address in the output, or more precisely in the ScriptPubKey. Only in the case of P2SH is the hash value derived from a “script”11 (a series of instructions) and not just from one public key. This means that in the next transaction that will “spend” the value, an appropriate unlocking mechanism must be used. In this case, the ScriptSig does not only provide a signature and a matching public key for verification, but a script and the necessary data (public keys and signatures). The transaction structure in the blockchain projects of the second generation is significantly more complex. In the Ethereum system a distinction is made between two types of transactions: transactions that are “exchanged” between the accounts and transactions that are used to create new smart contracts (contract creation transactions). Transactions that are exchanged between the accounts are in turn again divided into two types: transactions that are made by external accounts, and so-called messages that are exchanged between the internal accounts of the smart contracts. An Ethereum transaction consists of the following:
• Nonce – A value that corresponds to the number of transactions carried out by the sender,
• gasPrice – A fee charged in the Ethereum system for every step of calculation in a smart contract. The fees are imposed for security reasons (protection against denial of service attacks), whereby every user, including attackers, should pay for every resource that is used (including calculation, bandwidth, and storage). The fee is measured in units of gas and paid in Ether – Ethereum’s own cryptocurrency. Thus, in every transaction, the current rate of a unit of gas is noted in determining the cost to execute the transaction.
• gasLimit – A value corresponding to the maximum amount of gas that is to be used in executing the transaction. It is paid in advance before any calculation is made and cannot be increased later. gasLimit is used to avoid accidental or intentional endless loops or other calculation problems in the code. For this
11 To be more exact: a hash value acquired from the script and the data necessary for it, such as multiple public keys.
42
• •
• • •
4 Where Does the Hype End, and Where Does the Innovation of Blockchain. . .
reason, in every transaction a limit is set on the number of calculation steps that can be carried out in the code. Recipient address (In the case of a contract creation transaction, this field is empty), Value – The amount of Ether that is to be transferred from the sender to the recipient (in the case of a contract creation transaction, the amount of Ether for the newly created smart contract account), Data that is used for the signing of the transaction and to determine the sender of the transaction, Smart contract code for the contract creation transaction, Data for a message (transactions that are exchanged between the smart contracts) [38, 133].
After a transaction has been created, it is passed on to the peers the node is connected to. Transactions and blocks spread from user to user through the system in this way (see Sect. 3.2). There is no fixed route along which the data (transactions, blocks, IP addresses of peers) travel from one user to another; instead, every full node verifies each received transaction according to defined rules (see Appendix C), stores a copy in its cache (memory pool) and relays it to many other users. Thus, the current state of a value or an account is logged in the blockchain, and every user can trace who owned a value and when, and what the state of an account was at a given time. Four examples of the rules a Bitcoin node applies to a received transaction:
• the transaction is correctly signed,
• the transaction has never been “issued” before, i.e., the inputs it spends are still unspent,
• if the transaction is addressed to me, I add it to my wallet,
• once the transaction has been included in a valid block, it is removed from my cache.
A transaction is considered confirmed (e.g., in the Bitcoin system) once the block containing it has at least five successor blocks, i.e., after six confirmations. This number rests on the assumption that a potential attacker neither has, nor is willing to expend, the computing power needed to recompute six blocks.
4.1.2 Block and Chain
After transactions have been distributed to the full nodes of the blockchain network, verified and added to the cache, users can gather them into a specific list with additional information, for which they receive a reward. In blockchain technology such a list is called a “block.” A user only has a chance of creating a valid block and receiving the reward if the block has been created according to the predefined rules of his system and if the block ends up in the longest chain (see Sect. 3.3). In Bitcoin-like projects, Proof-of-Work is necessary
in creating a valid block (see Sect. 3.3). The developers of the Ethereum system, in contrast, were planning at the time of writing to switch from Proof-of-Work to Proof-of-Stake in 2020. Transactions and blocks are the most important components of a blockchain. Besides containing transactions, blocks carry further important information, recorded in the so-called “block header.”¹² This information is necessary for the correct construction of the blockchain and for its verification. In the Bitcoin system, a block header contains the following:
• Nonce¹³ – the 32-bit value a miner varies while mining; it is the key indication that the block was built correctly,
• a reference to the previous block: the SHA-256 hash¹⁴ of the previous block header,
• the target¹⁵ for the cryptographic computational task, an important value for the building of the block (see Sect. 3.3),
• a block time¹⁶ [50],
• a reference to all transactions in the block, the root of the Merkle tree (“Merkle root,” 256 bit),
• the block version: it declares which validation rules the block follows; new versions, described in a BIP¹⁷ and shipped in a Bitcoin Core release,¹⁸ correspond to specific features and are introduced as a soft fork.¹⁹
The hash of the previous block header, the nonce and the difficulty target are the information relevant for mining (the creation of a new block; more on this in Sect. 4.1.3). As shown in the chapter on cryptography, a hash function allows for clear and simple data identification, practical for fast and unique referencing. In blockchain technology, hash values ensure the correct order of the data: they are used as references (the hash value of a transaction or block is the reference to that transaction or block). A transaction contains, for example, the hash values of the previous transactions whose outputs it spends. These are (e.g., in Bitcoin-like systems) the input values of
¹² In the Ethereum system a block contains, in addition to the block header and the transaction list, a list of other block headers, the so-called “ommers” or, in Ethereum jargon, “uncles” [38].
¹³ In cryptography, the term nonce (short for “number used once”) describes a number or letter combination that is used only a single time in the respective context [200] (more information in Sect. 4.1.3).
¹⁴ SHA256(SHA256(block header)).
¹⁵ “Difficulty target”: in the Bitcoin system this value is recalculated every 2016 blocks, i.e., approximately every two weeks (more on this in Sect. 4.1.3).
¹⁶ More precisely, a time stamp: the block time is the Unix time at which the miner started hashing the block header (mining).
¹⁷ A Bitcoin Improvement Proposal (BIP) is a design document for the introduction of functions or information in Bitcoin [56].
¹⁸ Bitcoin Core (formerly known as Bitcoin-Qt) is the Bitcoin reference client, based on Satoshi Nakamoto’s original code and maintained for many years by Wladimir van der Laan [56].
¹⁹ See Sect. 4.1.4.
Fig. 4.5 Hash tree consisting of transactions:
dh0 = dhash(TX0), dh1 = dhash(TX1), dh2 = dhash(TX2), dh3 = dhash(TX3)
dh01 = dhash(dh0 + dh1), dh23 = dhash(dh2 + dh3)
dh0123 = dhash(dh01 + dh23) (Merkle root)
the transaction (its inputs), i.e., the value holdings being transferred (in Bitcoin, the monetary holdings). In this way, the entire history of a transaction or of a value can be traced in the blockchain. Blocks contain two different references. One points to the previous block (the hash of its header), the other to all transactions listed in the block. These references are also called “fingerprints.” The reference to the transactions gives a simple indication of whether a transaction was inserted into the block later or has been changed, because any such change alters the Merkle root. The Merkle root is the last hash value in the so-called hash tree. A hash tree (“Merkle tree”) is a tree-like structure (from graph theory) that consists of successive hash values.²⁰ In Fig. 4.5, for example, a double hash value dh1 is first computed for transaction 1 (TX1): dh1 = SHA256(SHA256(TX1)). The same is done for TX0, TX2 and TX3. Subsequently, further hash values are computed pairwise from the double hashes of the transactions until a single value remains; this root of the tree, dh0123, is the Merkle root. In contrast to Bitcoin, Ethereum uses a more advanced cryptographically authenticated data structure, the Merkle Patricia Tree.²¹ An Ethereum block header therefore stores not only the Merkle Patricia root of the transaction list (transactionsRoot)²² but two further roots: the root of the state²³ (stateRoot) and the root of the receipts²⁴ (receiptsRoot). In addition to these three roots, twelve further entries are stored in an Ethereum block header; a Bitcoin block header, by comparison, consists of six entries [38]. This confirms once
²⁰ In the Bitcoin system the hash function SHA-256 is applied twice.
²¹ Also called the Merkle Patricia Trie or Patricia Trie. This structure enables fast content lookup, is easy to implement and needs little storage space [133].
²² There is a separate transaction tree for each block.
²³ There is a global state tree that is updated over time.
²⁴ In the Ethereum system a receipt is created for each transaction, containing specific information about its execution (for more on this subject see [38, 133]). Each block has its own receipts tree.
again the higher complexity of the Ethereum system compared to the Bitcoin system.
In the Bitcoin system, the block size is limited to 1 MB, so a block contains roughly 900 to 2,500 transactions. The Bitcoin community long debated whether to keep the 1 MB limit or raise it to 2 MB. On August 1, 2017, the new cryptocurrency Bitcoin Cash (BCH) was created by splitting from the Bitcoin system; there the block size was set to 8 MB. In the Ethereum system, a block is about 27 kB in size (as of May 2020). One of the design goals of block creation (whether it is called “mining” or “minting” depends on the consensus algorithm used, see Sect. 3.3) is that a new block is created within a certain target time: in Bitcoin every 10 minutes (about 6 blocks per hour), in Ethereum roughly every 14 seconds (about 250 blocks per hour). In the Bitcoin system, new values (i.e., new bitcoins) are generated when blocks are created: the block creator (miner) rewards himself with a new transaction, the so-called coinbase transaction, which is the first transaction in the block. Its input is correspondingly empty, since the bitcoins are newly created and as yet have no history. Its output is the reward (the newly created bitcoins²⁵ plus the fees of the transactions included in the block) together with a ScriptPubKey. The coinbase transaction is placed in the block together with the other transactions.²⁶ To be sure that a transaction is final, users should wait until it has been included in a block that already has several successor blocks (at least five in the Bitcoin system). Because each new block takes a specified time to create, the waiting time is correspondingly long: in the Bitcoin system, between one and two hours.
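The hash tree of Fig. 4.5, worked through in code. This is an added example, not code from the book or from Bitcoin Core: it builds the tree bottom-up with double SHA-256 exactly as the figure does, adds Bitcoin’s rule for a level with an odd number of nodes (the last node is paired with itself), and derives an inclusion proof, which is what lets a light client check that a transaction is in a block using nothing but the 32-byte Merkle root from the block header. The four transactions are constructed placeholder byte strings, not serialized Bitcoin transactions.

```python
"""Bitcoin-style Merkle tree over a block's transactions (added example)."""
import hashlib
from typing import List, Tuple


def dhash(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin uses for txids, tree nodes and headers."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_levels(txs: List[bytes]) -> List[List[bytes]]:
    """Build the tree bottom-up and return every level, leaves first, root last."""
    if not txs:
        raise ValueError("a block always contains at least the coinbase transaction")
    level = [dhash(tx) for tx in txs]          # dh0 .. dhN in Fig. 4.5
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:                      # odd level: duplicate the last node
            level = level + [level[-1]]
        level = [dhash(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def merkle_root(txs: List[bytes]) -> bytes:
    """The value stored in the block header (dh0123 in Fig. 4.5)."""
    return merkle_levels(txs)[-1][0]


def merkle_proof(txs: List[bytes], index: int) -> List[Tuple[bytes, bool]]:
    """Sibling hashes on the path from leaf `index` up to the root.

    Each entry is (sibling_hash, sibling_is_right_child). The proof has only
    about log2(n) entries, so the verifier never needs the other transactions.
    """
    if not 0 <= index < len(txs):
        raise IndexError("transaction index out of range")
    proof = []
    for level in merkle_levels(txs)[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append((level[sibling], sibling > index))
        index //= 2
    return proof


def verify_proof(tx: bytes, proof: List[Tuple[bytes, bool]], root: bytes) -> bool:
    """Recompute the path from the transaction to the root and compare."""
    node = dhash(tx)
    for sibling, sibling_is_right in proof:
        node = dhash(node + sibling) if sibling_is_right else dhash(sibling + node)
    return node == root


# Constructed sample transactions (placeholders for serialized Bitcoin transactions).
TXS = [
    b"TX0: coinbase -> miner 12.5 BTC",
    b"TX1: alice -> bob 0.30 BTC",
    b"TX2: carol -> dave 1.25 BTC",
    b"TX3: erin -> frank 0.02 BTC",
]

if __name__ == "__main__":
    root = merkle_root(TXS)
    print("Merkle root:", root.hex())
    proof = merkle_proof(TXS, 1)
    print("TX1 included:", verify_proof(TXS[1], proof, root))
    # Changing a single byte of TX1 changes its leaf and therefore the root.
    tampered = TXS[1].replace(b"0.30", b"9.30")
    print("tampered TX1 passes proof:", verify_proof(tampered, proof, root))
```

Two points worth noting. First, because the leaves are hashes of the full transactions, any later change to a transaction, or any inserted transaction, changes the root and so invalidates the header, which is the forgery protection the text describes. Second, the odd-level duplication rule means that a transaction list ending in a repeated transaction yields the same root as the list without the repeat; Bitcoin Core therefore rejects blocks whose transaction list contains duplicate txids (the weakness behind CVE-2012-2459), a check any independent validator has to replicate.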
Miners receive the transaction fees for all transactions contained in the block. After a block is created, it is distributed to the other users. Each full node verifies the received block according to defined rules and appends it to its chain. In this way, a chain of successive blocks is created that are linked together by references; the first block in the chain is called the genesis block. Blockchain technology therefore lists all transactions that have ever been carried out in the respective system and included in blocks. The blocks form a chain in which each block contains a reference to the previous one. This yields an ordered sequence of blocks, which is what gave rise to the name “blockchain.” As the blockchain system is decentralized and users do not agree in advance on the priority of newly created blocks, it can happen that several
²⁵ Until May 2020 the block reward was 12.5 newly generated bitcoins. Every 210,000 blocks (approximately every four years) the reward paid to the miner is halved; since the halving in 2020 it is 6.25 bitcoins.
²⁶ Transactions of other users that the miner has already stored in its memory pool.
Fig. 4.6 Blockchain: Genesis Block (Block 0) → … → Block n → Block n+1. Each block consists of a header and a list of transactions (e.g., bd0…, 0ab…, 9fe… in the genesis block; 4b7…, b3b…, e9b… in block n; 47d…, f18…, 5cb… in block n+1); an orphan block branches off beside the main chain.
miners create a new block at the same time. If these blocks comply with all the rules and refer to the same last block, the result is a branching of the chain. This branching is called a “fork.” The solution to this problem is also the most important rule in the blockchain system: “the longest chain is valid” (more on this in Sects. 4.1.3 and 3.3). The shorter branch is abandoned; its blocks are called “orphan blocks” (see Fig. 4.6). The Bitcoin blockchain had grown to approximately 280 GB by the end of May 2020.
4.1.3 Updating the Blockchain
The blockchain is updated by combining new transactions into blocks and cryptographically linking the blocks in a specific order. Because a blockchain-based system is decentralized, a consensus has to be reached. One of the biggest challenges is agreeing on a state of the system that is “right for everybody”: in which order the content should be and whether the execution of the content is correct (see Sect. 3.3). Generally speaking, every full node can participate in finding consensus and can update the blockchain. Since the Nakamoto consensus solution is based on the notion that in a system without
participation requirements²⁷ the majority of the computing power is in the hands of honest users,²⁸ full nodes cast their vote for reaching a consensus by expending computing resources. This is carried out by solving a computational task. The user who solves the computational task before all others in the system is allowed to update the blockchain and receives a reward.²⁹ This concept is called Proof-of-Work (PoW). In the Bitcoin system, the reward is therefore also the mechanism for creating and distributing new bitcoins, and it is the incentive for users to participate in mining and thus to secure the system [62]. The computational task consists of nothing more than repeatedly hashing the block header with different nonce values until a hash value below the target is found. This process is called mining, and the users who update the blockchain are called miners. Because, for example in the Bitcoin system, the reward consists partly of newly minted bitcoins that go to the creator of the new block, there is indeed a similarity to the mining of raw materials: those who mine must work hard to reach the resources they are after. Other concepts, such as Proof-of-Stake (PoS), which is based not on the computing effort of solving a computational task but on the proportion of a cryptocurrency’s coins held, are not pursued further in this chapter. The work expended in mining is deliberately resource-intensive and difficult so that the block creation rate remains constant (in the Bitcoin system, a new block roughly every 10 minutes) and so that potential attackers cannot cheaply manipulate blocks or flood the network with fake blocks: an attacker has to perform the same expensive work to create blocks.
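The mining loop just described, as an added example that is not code from the book or from Bitcoin Core. It serializes an 80-byte Bitcoin-style block header, hashes it twice with SHA-256, and increments the nonce until the hash falls below the target; it also goes one step beyond this paragraph and implements the difficulty adjustment that the next paragraph describes (retarget every 2016 blocks, correction clamped to a factor of four, never easier than the network’s maximum target). The previous-block hash, Merkle root and the deliberately easy difficulty `TOY_BITS` are constructed values so the search finishes instantly; real network difficulty is many orders of magnitude harder.

```python
"""Bitcoin-style block header hashing, toy mining and difficulty retargeting."""
import hashlib
import struct
from dataclasses import dataclass, replace
from typing import Optional

POW_TARGET_TIMESPAN = 14 * 24 * 60 * 60          # retarget period: two weeks in seconds
POW_TARGET_SPACING = 10 * 60                     # desired block interval: 10 minutes
RETARGET_INTERVAL = POW_TARGET_TIMESPAN // POW_TARGET_SPACING  # 2016 blocks
MAX_TARGET = 0xFFFF << 208                       # easiest allowed target, nBits 0x1d00ffff

# Constructed toy difficulty: roughly 1 hit in 256 hashes, so mining below
# finishes at once. Real nBits values are vastly harder.
TOY_BITS = 0x2000FFFF


def dhash(data: bytes) -> bytes:
    """Double SHA-256 as used for Bitcoin block hashes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Decode the compact 32-bit nBits field into the full 256-bit target."""
    if bits & 0x00800000:
        raise ValueError("negative target is never valid")
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


@dataclass(frozen=True)
class BlockHeader:
    version: int
    prev_block_hash: bytes   # 32 bytes: double SHA-256 of the previous header
    merkle_root: bytes       # 32 bytes: root of the transaction hash tree
    timestamp: int           # Unix time at which the miner started hashing
    bits: int                # compact difficulty target
    nonce: int               # 32-bit value the miner varies

    def serialize(self) -> bytes:
        """The 80-byte header in the exact byte layout that gets hashed."""
        return (struct.pack("<I", self.version) + self.prev_block_hash + self.merkle_root
                + struct.pack("<III", self.timestamp, self.bits, self.nonce))

    def hash_int(self) -> int:
        return int.from_bytes(dhash(self.serialize()), "little")

    def meets_target(self) -> bool:
        """Proof-of-work check a full node runs: hash must not exceed the target."""
        return self.hash_int() <= bits_to_target(self.bits)


def mine(header: BlockHeader, max_tries: int = 1 << 32) -> Optional[BlockHeader]:
    """Try nonces 0, 1, 2, ... until the header hash meets the target.

    Returns the header with the winning nonce, or None once the (at most 2^32)
    nonce values are exhausted; a real miner then changes the timestamp or the
    coinbase transaction (and with it the Merkle root) and starts over.
    """
    target = bits_to_target(header.bits)
    for nonce in range(min(max_tries, 1 << 32)):
        candidate = replace(header, nonce=nonce)
        if candidate.hash_int() <= target:
            return candidate
    return None


def retarget(old_target: int, actual_timespan: int) -> int:
    """Difficulty adjustment applied after every RETARGET_INTERVAL blocks.

    The target is scaled by (actual time / two weeks); the correction is clamped
    to a factor of 4 in either direction and can never be easier than MAX_TARGET.
    """
    clamped = min(max(actual_timespan, POW_TARGET_TIMESPAN // 4), POW_TARGET_TIMESPAN * 4)
    return min(old_target * clamped // POW_TARGET_TIMESPAN, MAX_TARGET)


# Constructed sample header: previous hash and Merkle root are placeholders.
TOY_HEADER = BlockHeader(
    version=0x20000000,
    prev_block_hash=dhash(b"constructed previous block header"),
    merkle_root=dhash(b"constructed merkle root"),
    timestamp=1590000000,
    bits=TOY_BITS,
    nonce=0,
)

if __name__ == "__main__":
    mined = mine(TOY_HEADER)
    # Block hashes are conventionally displayed byte-reversed (big-endian).
    print("nonce:", mined.nonce, "hash:", mined.hash_int().to_bytes(32, "little")[::-1].hex())
    old = MAX_TARGET >> 20
    print("2016 blocks in one week -> target halves:", retarget(old, POW_TARGET_TIMESPAN // 2) == old >> 1)
```

Verification is the cheap side of the asymmetry: a node checks a header with one double hash and one comparison, while the miner pays for every failed attempt. The clamp in `retarget` is also a security control, since without it a sudden change in hash rate (or manipulated timestamps) could swing the difficulty arbitrarily within a single period.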
After newly created transactions have been distributed to all full nodes, the nodes verify them and save them in their cache (memory pool) until they are included in a block. Before a miner can include the transactions in a valid block, he has to solve a cryptographic computational task with a certain level of difficulty.³⁰ The task consists of finding a block header hash below the given target (“difficulty target”). The difficulty and the target are adjusted every 2016 blocks (about two weeks) so that, on average, ten minutes are required for the creation of a new block. If the computing power of the entire network increases (or decreases) and the 2016 blocks are found in less (or more) than two weeks, the difficulty is raised (or lowered) accordingly. The hash value is determined by applying SHA-256 twice to the block header, which contains the nonce.³¹ The nonce, a 32-bit, variable hexadecimal
²⁷ Malicious users can generate many false identities.
²⁸ And not that the majority of users is honest.
²⁹ In the Bitcoin system the reward consists of newly mined bitcoins and transaction fees.
³⁰ The level of difficulty indicates how hard it is to find a hash value below the given target.
³¹ In cryptography, the term “nonce” denotes a combination of numbers or letters that is used only a single time in the respective context [200].
Fig. 4.7 Mining process in solving the cryptographic task: SHA256(SHA256(Block Header + Nonce)) → Hash value, compared against the target